Wednesday Newsbytes: Microsoft’s January Patch fixes 98 flaws, A Fifth of Gov. Agency’s Passwords Cracked, Microsoft’s AI Tool Can Mimic Your Voice, ChatGPT Fools Scientific Researchers…and more!
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day
Today (yesterday) is Microsoft’s January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
This is the first Patch Tuesday of 2023, and it fixes a whopping 98 vulnerabilities, with eleven of them classified as ‘Critical.’
Microsoft gave the vulnerabilities this severity rating as they allow remote code execution, bypass security features, or elevate privileges.
The number of bugs in each vulnerability category is listed below:
39 Elevation of Privilege Vulnerabilities
4 Security Feature Bypass Vulnerabilities
33 Remote Code Execution Vulnerabilities
10 Information Disclosure Vulnerabilities
10 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities
One zero-day fixed
This month’s Patch Tuesday fixes one zero-day vulnerability, one actively exploited and the other publicly disclosed.Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available…
Read more at Bleeping Computer.
A fifth of passwords used by federal agency cracked in security audit
89% of the department’s high-value assets didn’t use multi-factor authentication.
More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.
The audit was performed by the department’s inspector general, which obtained cryptographic hashes for 85,944 employee active directory (AD) accounts. Auditors then used a list of more than 1.5 billion words that included:
Dictionaries from multiple languages
US government terminology
Pop culture references
Publicly available password lists harvested from past data breaches across both public and private sectors
Common keyboard patterns (e.g., “qwerty”)The results weren’t encouraging. In all, the auditors cracked 18,174—or 21 percent—of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts.
The audit uncovered another security weakness…
Microsoft’s New AI Tool Just Needs to Hear Three Seconds of Your Voice to Mimic You
VALL-E can preserve the original speaker’s emotional tone and even simulate their acoustic environment.
Despite how far advancements in AI video generation have come, it still requires quite a bit of source material, like headshots from various angles or video footage, for someone to create a convincing deepfaked version of your likeness. When it comes to faking your voice, that’s a different story, as Microsoft researchers recently revealed a new AI tool that can simulate someone’s voice using just a three-second sample of them talking.
The new tool, a “neural codec language model” called VALL-E, is built on Meta’s EnCodec audio compression technology, revealed late last year, which uses AI to compress better-than-CD quality audio to data rates 10 times smaller than even MP3 files, without a noticeable loss in quality. Meta envisioned EnCodec as a way to improve the quality of phone calls in areas with spotty cellular coverage, or as a way to reduce bandwidth demands for music streaming services, but Microsoft is leveraging the technology as a way to make text to speech synthesis sound more realistic based on a very limited source sample.
Current text to speech systems are able to produce very realistic sounding voices, which is why smart assistants sound so authentic despite their verbal responses being generated on the fly. But they require high-quality and very clean training data, which is usually captured in a recording studio with professional equipment…
ChatGPT Writes Well Enough to Fool Scientific Reviewers
OpenAI’s text generator repeatedly wrote academic abstracts convincing enough to get past human readers. It could mean trouble for scientific publishing.
The internet’s new favorite toy, ChatGPT, accomplishes some things better than others. The machine learning-trained chatbot from OpenAI can string together sentences and paragraphs that flow smoothly on just about any topic you prompt it with. But it cannot reliably tell the truth. It can act as a believable substitute for a text-based mental health counselor. But it cannot write a passable Gizmodo article.
On the list of concerning things the AI text generator apparently can do, though, is fool scientific reviewers—at least some of the time, according to a pre-print study released Tuesday from Northwestern University and University of Chicago researchers. Published academic science relies on a process of article submission and review by human experts in relevant fields. If AI can routinely fool those reviewers, it could fuel a scientific integrity crisis, the new study authors warn.
In the pre-print, researchers began by picking 50 real, published medical articles. They took the title from each and fed it to ChatGPT with the prompt, “Please write a scientific abstract for the article [title] in the style of [journal] at [link].” Then, they pooled the real and fake abstracts together for a total of 100 samples. The researchers randomly assigned four medical professionals 25 abstracts to review, ensuring that none of the researchers were given samples with duplicate titles. The study researchers told the subjects that some of the abstracts were fake and some genuine…
Improved voice typing in Google Docs is coming to more browsers
Google Docs’ voice-typing feature, which lets you “type” and edit text using your voice and a microphone rather than your hands and a keyboard, is getting a couple of key upgrades.
First is that the feature is expanding to “most major browsers.” Currently, Google’s support page notes that it’s “only available in Chrome browsers.” Second is that it is being upgraded to “reduce transcription errors and minimize lost audio during transcription.”
As 9to5Google notes, voice typing has been available in Google Docs for over half a decade, allowing users to get words on the (virtual) page even if their hands are full or otherwise not in a position to be able to traditionally type. It can also work as a handy transcription tool in a pinch, though as our guide explains you might be better off with a dedicated piece of transcription software in most cases.
Frustratingly, although Google’s announcement says the feature is coming to “most major browsers,” it doesn’t specify exactly which browsers these are…
Series of Mysterious Antennas Found Throughout Foothills of Salt Lake City
Authorities in Utah are trying to get to the bottom of a strange mystery involving a series of puzzling antennas that have been discovered throughout the foothills of Salt Lake City. According to a local media report, the peculiar case began approximately a year ago when a handful of the peculiar devices were first found. Since that time and particularly over the last few months, several more of the gadgets have been stumbled upon to the point that Salt Lake City recreational trails manager Tyler Fonarow indicated that “now it might be as much as a dozen.” In addition to sporting an antenna, the curious contraptions also feature a solar panel and a locked battery box.
Upon being discovered “bolted into different peaks and summits and ridges around the foothills,” Fonarow said, the devices are promptly removed by city officials, who are now hoping to not only figure out their purpose, but also determine who keeps installing them, which is also a mystery. “We just don’t leave things on public lands anymore,” he lamented, “you have to ask for permission.” While one antenna was found on property belonging to the University of Utah, officials there say that they are unaware of any connection to the devices which keep appearing in the area…
Read more at Coast to Coast AM.
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles informative, interesting, fun, and helpful. Darcy & TC
Whether it was intended or not, my computer runs faster after the update. I realize that simply re-starting often improves operation but this is exceptional. I wonder how long it will last.
The article about the passwords from the Interior Department was both amusing and sad.