ChatGPT Wrote My Homework

We have put it off as long as we could, but the data is in and the craze hasn't stopped, so it is time to finally talk about ChatGPT.

Released back in November 2022, ChatGPT was immediately a hit with its conversational search results. Coupled with its ability to generate seemingly new content, such as articles, poems, social media posts, and even recipes, the excitement around it only grew.

In the months since, we have seen amazing applications of ChatGPT while also witnessing some of the potential drawbacks of the service.

The Good

At this point, ChatGPT has been used to automate and improve efficiency in numerous ways, including:

• Using ChatGPT to quickly collect and draft cold emails to contacts at tech start-ups?in?Google Spreadsheets.
• Quickly?visualize data
• Querying?Google Drive
• Answer?security questionnaires
• Planning?bachelor parties
• And even?penetration testing

Already the development community have started writing?plugins for chatgpt?and extending its capabilities further.

Despite all of this excitement, there are some drawbacks though.

The Not as Good

I raised?privacy concerns?regarding the registration process (why does it need both an email address and a phone number??), but?Samsung employees?quickly got in trouble as well for sharing internal source code and meeting notes with the third party service.

Moreover, despite huge troves of training data,?complaints have arisen?about bias in the tool as well as ChatGPT's tendency to present flat-out wrong answers as facts or?disclose personal data. This latter tendency even prompted?StackOverflow to ban?the service.

And finally, researchers of all kinds have amused themselves by?hacking ChatGPT's security controls, tricking the service into telling raunchy jokes, explaining how to hijack a car, or even what websites to use for illegal activity.

The Future

ChatGPT is a long way from a perfect product, but do the problems outweigh the potential benefits?

That isn't an easy question to answer but it is a prominent one for security professionals everywhere as we find the appropriate line between enabling the business while mitigating security risks.

Because as my wife has demonstrated by letting ChatGPT plan our holiday dinner menu recently, it isn't a question of whether people will continue using it.?

The question is simply whether the security industry will help make the future versions better and more secure.

Security News

• The North Korean software?supply chain attack?on a Chicago financial trading software developer infected additional victims besides 3CX, including two critical infrastructure organizations in the energy sector, says the Symantec Threat Hunter Team.
• A?North Korean backdoor?targeting Linux desktop users shares infrastructure with the hacking group behind the 3CX software supply chain hack.
• A?bug in how Google Cloud Platform?handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.
• An unauthorized actor gained access to the systems of Shields Health Care Group (SHCG) in March, exposing driver's license numbers as well as other identification information for?more than 2.3 million patients, according to the company.
• A phishing campaign?that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice.
• Print management software provider?PaperCut?said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro.
• Threat actors?have been observed?leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri?revealed?in a report published last week.
• An Australian military helicopter crash was reportedly caused by?failure to apply a software patch, with a hefty side serving of pilot error.
• More than half of the?enterprise routers researchers bought?secondhand hadn’t been wiped, exposing sensitive info like login credentials and customer data.

Until next time,

The?Craft Compliance?Team