
Getty Images will give hundreds of thousands of users access to a new artificial intelligence image-generating tool, as a global intellectual property debate intensifies around the fast-moving technology.

The US photo agency, one of the world’s largest with more than 135 million copyrighted images in its archives, on Monday launched an AI tool that can create pictures based on user prompts. It also set out a payment plan for those whose images were used to train the AI system.

Getty added a pledge to protect the more than 800,000 users with an uncapped indemnification tied to the product, meaning the agency will assume full legal and financial responsibility on behalf of its business customers for any potential copyright disputes.


Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential candidate with sophisticated spyware developed by a commercial exploit seller, Google and researchers from Citizen Lab said Friday.

The previously unknown vulnerabilities, which Apple patched on Thursday, were exploited in clickless attacks, meaning they didn’t require a target to take any steps other than to visit a website that used the HTTP protocol rather than the safer HTTPS alternative. A packet inspection device sitting on a cellular network in Egypt kept an eye out for connections from the phone of the targeted candidate and, when spotted, redirected it to a site that delivered the exploit chain, according to Citizen Lab, a research group at the University of Toronto’s Munk School.

A cast of villains, 3 0-days, and a compromised cell network

Citizen Lab said the attack was made possible by participation from the Egyptian government, spyware known as Predator sold by a company known as Cytrox, and hardware sold by Egypt-based Sandvine. The campaign targeted Ahmed Eltantawy, a former member of the Egyptian Parliament who announced he was running for president in March. Citizen Lab said the recent attacks were at least the third time Eltantawy’s iPhone has been attacked. One of them, in 2021, was successful and also installed Predator.


Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday.

Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. The attacks used a zero-click method, meaning they required no interaction on the part of targets. Simply receiving a call or text on an iPhone was enough to become infected by Pegasus, which is among the world’s most advanced pieces of known malware.

“Huge blindspot”

Apple said the vulnerability, tracked as CVE-2023-41064, stemmed from a buffer overflow bug in ImageIO, a proprietary framework that allows applications to read and write most image file formats, which include one known as WebP. Apple credited the discovery of the zero-day to Citizen Lab, a research group at the University of Toronto’s Munk School that follows attacks by nation-states targeting dissidents and other at-risk groups.


On Monday, Amazon introduced a new policy that limits Kindle authors from self-publishing more than three books per day on its platform, reports The Guardian. The rule comes as Amazon works to curb abuses of its publication system from an influx of AI-generated books.

Amazon revealed the new limitations in a post on its Kindle Direct Publishing (KDP) forum. KDP allows self-published authors to list their works on the Amazon website. While the official announcement did not state a limit number, an Amazon representative told The Guardian about the three-book limit, which can be adjusted “if needed.” Previously, there had been no limit on the number of books that authors could list daily.

Since the launch of ChatGPT, an AI assistant that can compose text in almost any style, some news outlets have reported a marked increase in AI-authored books, including some that seek to fool others by using established author names. Despite the anecdotal observations, Amazon is keeping its cool about the scale of the AI-generated book issue for now. “While we have not seen a spike in our publishing numbers,” they write, “in order to help protect against abuse, we are lowering the volume limits we have in place on new title creations.”


On Wednesday, OpenAI announced DALL-E 3, the latest version of its AI image synthesis model that features full integration with ChatGPT. DALL-E 3 renders images by closely following complex descriptions and handling in-image text generation (such as labels and signs), which challenged earlier models. Currently in research preview, it will be available to ChatGPT Plus and Enterprise customers in early October.

Like its predecessor, DALL-E 3 is a text-to-image generator that creates novel images based on written descriptions called prompts. Although OpenAI released no technical details about DALL-E 3, the AI model at the heart of previous versions of DALL-E was trained on millions of images created by human artists and photographers, some of them licensed from stock websites like Shutterstock. It’s likely DALL-E 3 follows this same formula, but with new training techniques and more computational training time.

Judging by the samples provided by OpenAI on its promotional blog, DALL-E 3 appears to be a radically more capable image synthesis model than anything else available in terms of following prompts. While OpenAI’s examples have been cherry-picked for their effectiveness, they appear to follow the prompt instructions faithfully and convincingly render objects with minimal deformations. Compared to DALL-E 2, OpenAI says that DALL-E 3 refines small details like hands more effectively, creating engaging images by default with “no hacks or prompt engineering required.”


The Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, has rolled out an update designed to prepare for a very real prospect that’s never far from the thoughts of just about every security engineer on the planet: the catastrophic fall of cryptographic protocols that secure some of the most sensitive secrets today.

The Signal Protocol is a key ingredient in the Signal, Google RCS, and WhatsApp messengers, which collectively have more than 1 billion users. It’s the engine that provides end-to-end encryption, meaning messages encrypted with the apps can be decrypted only by the recipients and no one else, including the platforms enabling the service. Until now, the Signal Protocol encrypted messages and voice calls with X3DH, a specification based on a form of cryptography known as Elliptic Curve Diffie-Hellman.

A brief detour: WTF is ECDH?

Often abbreviated as ECDH, Elliptic Curve Diffie-Hellman is a protocol unto itself. It combines two main building blocks. The first involves the use of elliptic curves to form asymmetric key pairs, each of which is unique to each user. One key in the pair is public and available to anyone to use for encrypting messages sent to the person who owns it. The corresponding private key is closely guarded by the user. It allows the user to decrypt the messages. Cryptography relying on a public-private key pair is often known as asymmetric encryption.


Google DeepMind researchers recently developed a technique to improve math ability in AI language models like ChatGPT by using other AI models to improve prompting—the written instructions that tell the AI model what to do. They found that using human-style encouragement improved math skills dramatically, in line with earlier results.

In a paper called “Large Language Models as Optimizers” listed this month on arXiv, DeepMind scientists introduced Optimization by PROmpting (OPRO), a method to improve the performance of large language models (LLMs) such as OpenAI’s ChatGPT and Google’s PaLM 2. This new approach sidesteps the limitations of traditional math-based optimizers by using natural language to guide LLMs in problem-solving. “Natural language” is a fancy way of saying everyday human speech.

“Instead of formally defining the optimization problem and deriving the update step with a programmed solver,” the researchers write, “we describe the optimization problem in natural language, then instruct the LLM to iteratively generate new solutions based on the problem description and the previously found solutions.”


On Tuesday, Google announced updates to its Google Bard AI assistant—its version of ChatGPT—including integration with Google apps (such as Gmail, Docs, Drive, Google Maps, YouTube, and Google Flights) and a feature to double-check Bard’s answers against web content. It also added language support for over 40 languages.

Notably, Bard’s new “double-check button” has been designed to provide a counter against confabulations where Bard produces inaccurate information or makes things up (a concept often called “hallucinations” in the AI field). It’s a public admission that Bard often lacks accuracy and isn’t a dependable factual reference. Here’s how Google describes it:

Starting today with responses in English, you can use Bard’s “Google it” button to more easily double-check its answers. When you click on the “G” icon, Bard will read the response and evaluate whether there is content across the web to substantiate it. When a statement can be evaluated, you can click the highlighted phrases and learn more about supporting or contradicting information found by Search.

To use the double-check feature, users can click a small “G” logo below Bard’s results. Bard will search the web and highlight sentences in its output that match affirmatively with a green highlight. Bard statements that contradict Google Search results get a peach-colored highlight. From our experiments, the double-check button reinforced some statements but did not always catch logical flaws in its output.


Researchers have discovered a never-before-seen backdoor for Linux that’s being used by a threat actor linked to the Chinese government.

The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. Researchers from NHS Digital in the UK have said Trochilus was developed by APT10, an advanced persistent threat group linked to the Chinese government that also goes by the names Stone Panda and MenuPass.

Other groups eventually used it, and its source code has been available on GitHub for more than six years. Trochilus has been seen being used in campaigns that used a separate piece of malware known as RedLeaves.


Microsoft’s Surface Pro 9. Panos Panay has been in charge of the Surface line since its inception. (credit: Andrew Cunningham)

Microsoft’s Panos Panay, who has been in charge of the Surface hardware line for its entire existence and of Windows development since 2020, is leaving the company, according to a press release Microsoft sent out today. Panay’s duties on the Surface and Windows teams will be taken over by Consumer Chief Marketing Officer Yusuf Mehdi, who in the last year has been most visible as the face of most of the company’s big generative AI-related announcements.

“Thank you, Panos, for your impact on our products, culture, company, and industry over the past two decades. I’m grateful for your leadership, support, and all you’ve done for Microsoft and our customers and partners,” wrote Microsoft CEO Satya Nadella in a message that was shared with the press. “We remain steadfast and convicted in our strategy, and Yusuf Mehdi will take lead on our Windows and Surface businesses and products externally.”

If you’ve ever watched a Microsoft Surface announcement, you’ll know Panay from his emotional delivery, soulful eyes, and colorful shirts and by how genuinely he seemed to relish the opportunity to be telling you about what processors would be used in Microsoft’s next laptop. Panay joined Microsoft in 2004 and most recently was promoted to the company’s senior leadership team in 2021.
