Reuters reported last week that OpenAI staff researchers wrote a letter to the board warning an internal project named Q* could represent a breakthrough in creating AI that could surpass human intelligence in a range of fields. That letter was sent ahead of Altman’s firing.

The model, called Q* – and pronounced as “Q-Star” – was able to solve basic maths problems it had not seen before, according to the tech news site the Information, which added that the pace of development behind the system had alarmed some safety researchers. The ability to solve maths problems would be viewed as a significant development in AI.

Neither OpenAI nor its largest backer Microsoft have publicly confirmed the existence of Q*, much less the possibility that it is a dangerous breakthrough in AI technology. OpenAI didn’t respond to requests for comment.

These sorts of claims aren’t new, either. A Google engineer claimed in 2022 that an unreleased AI system had become sentient. The claim caused a brief flurry of excitement before the engineer was fired and the company denied the claim.

The only detail given in the report about Q*’s capabilities was that it could solve certain mathematical problems at the level of grade-school students. That has led to skepticism about how serious an advance Q* could be. Elon Musk suggested his own Grok chatbot could outdo Q* by both solving math problems and fundamental philosophical questions.

Should we be worried??

Read more

Hello all. NIST has released revision 3 of the 800-82, Guide to Industrial Control Systems (ICS) Security. Revision 2 has been a staple for many in the OT/ICS world in evaluating the security of control systems. This third revision of SP 800-82 provides an overview of OT and typical system topologies, identifies typical threats to organizational mission and business functions supported by OT, describes typical vulnerabilities in OT, and provides recommended security safeguards and countermeasures to manage the associated risks.

Updates in this revision also include:

  • Expansion in scope from ICS to OT
  • Updates to OT threats and vulnerabilities
  • Updates to OT risk management, recommended practices, and architectures
  • Updates to current activities in OT security
  • Updates to security capabilities and tools for OT
  • Additional alignment with other OT security standards and guidelines, including the Cybersecurity Framework (CSF)
  • New tailoring guidance for NIST SP 800-53, Rev. 5 security controls
  • An OT overlay for NIST SP 800-53, Rev. 5 security controls that provides tailored security control baselines for low-impact, moderate-impact, and high-impact OT systems.

Final comments due on July 1, 2022, so expect revision 3 to be final soon. The revision 3 draft can be downloaded at:

Read more

A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable servers.

Log4j 2, developed by the ASF, is a widely used Java package that enables logging in an array of  popular applications. The bug, tracked as CVE-2021-44228, is a zero-day vulnerability that allows unauthenticated remote code execution (RCE) that could give attacks control of the systems the software is running in.

The vulnerability – which has been dubbed Log4Shell – has been given a severity score of 10/10, the highest score possible. The Apache Foundation released an emergency patch as part of the 2.15.0 release of Log4j 2 that fixes the RCE vulnerability.

The software is used by both enterprise applications as well as cloud-based services, and the vulnerability could have wide effects on enterprises, according to security professionals. Log4Shell reportedly also can impact the default configurations of several Apache frameworks, such as Apache Struts2, Apache Druid and Apache Flink.

More info:

Read more