sgt_zim
AH legend
- Joined
- Mar 26, 2017
- Messages
- 4,594
- Reaction score
- 17,702
- Location
- Richmond, Texas
- Media
- 33
- Articles
- 1
- Member of
- NRA, Houston Safari Club Foundation, NWTF
- Hunted
- South Africa, Idaho, Texas, Louisiana
By "computer" I also mean smart phones, because that's what they are - computers that can also easily be used as telephones.
We have noticed quite the uptick in reported 0-day vulnerabilities (unknown vulnerabilities) over the last 10 months or so. Our thinking when AI first started being a thing was that it would probably take maybe 3 years for the bad guys to start weaponizing AI. Bad news. It didn't take them 3 years.
No operating system is safe. Even software developers who are very good at what they do, are very conscientious about security, make a lot of security mistakes. Most software developers aren't that good. There are actually software tools called SAST and DAST that scan and test code for vulnerabilities. I look through the reports generated by these tools for our developers with some regularity. I won't say the reports are all horrible, but there's a reason we renew licensing for them both every year.
The bad guys are going to use AI to discover vulnerabilities that have likely existed for years that nobody ever knew about. In a recent test, some researchers spun up some bots with AI to do just this, and about 50% of their testing found 0-day vulns. Keep in mind, they're still fairly primitive with the AI-based attacks, but they will get more sophisticated with it.
Finding a 0-day prior to AI was painstaking work, and only the guys who were *really* good at super-nerdery were capable of it. We're talking people who are capable of PhD level math or computer science, even if they were not degreed. AI has changed that. I can copy what these guys have done, but coming up with an original, 0-day attack...I just don't pack the gear to be able to do that.
I said all that to say this: patching has become more important than ever. Folks on Win XP/Vista/7/8/8.1 need new computers with Win 11 (and I hate W 11, I won't be upgrading to it from 10, but I'm a nerd and have other options).
We have noticed quite the uptick in reported 0-day vulnerabilities (unknown vulnerabilities) over the last 10 months or so. Our thinking when AI first started being a thing was that it would probably take maybe 3 years for the bad guys to start weaponizing AI. Bad news. It didn't take them 3 years.
No operating system is safe. Even software developers who are very good at what they do, are very conscientious about security, make a lot of security mistakes. Most software developers aren't that good. There are actually software tools called SAST and DAST that scan and test code for vulnerabilities. I look through the reports generated by these tools for our developers with some regularity. I won't say the reports are all horrible, but there's a reason we renew licensing for them both every year.
The bad guys are going to use AI to discover vulnerabilities that have likely existed for years that nobody ever knew about. In a recent test, some researchers spun up some bots with AI to do just this, and about 50% of their testing found 0-day vulns. Keep in mind, they're still fairly primitive with the AI-based attacks, but they will get more sophisticated with it.
Finding a 0-day prior to AI was painstaking work, and only the guys who were *really* good at super-nerdery were capable of it. We're talking people who are capable of PhD level math or computer science, even if they were not degreed. AI has changed that. I can copy what these guys have done, but coming up with an original, 0-day attack...I just don't pack the gear to be able to do that.
I said all that to say this: patching has become more important than ever. Folks on Win XP/Vista/7/8/8.1 need new computers with Win 11 (and I hate W 11, I won't be upgrading to it from 10, but I'm a nerd and have other options).