The Security Risks of Microsoft Bing AI Chat at this Time

Read Time:4 Minute, 51 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

AI has long since been an intriguing topic for every tech-savvy person, and the concept of AI chatbots is not entirely new. In 2023, AI chatbots will be all the world can talk about, especially after the release of ChatGPT by OpenAI. Still, there was a past when AI chatbots, specifically Bing’s AI chatbot, Sydney, managed to wreak havoc over the internet and had to be forcefully shut down. Now, in 2023, with the world relatively more technologically advanced, AI chatbots have appeared with more gist and fervor. Almost every tech giant is on its way to producing large Language Model chatbots like chatGPT, with Google successfully releasing its Bard and Microsoft and returning to Sydney. However, despite the technological advancements, it seems that there remains a significant part of the risks that these tech giants, specifically Microsoft, have managed to ignore while releasing their chatbots.

What is Microsoft Bing AI Chat Used for?

Microsoft has released the Bing AI chat in collaboration with OpenAI after the release of ChatGPT. This AI chatbot is a relatively advanced version of ChatGPT 3, known as ChatGPT 4, promising more creativity and accuracy. Therefore, unlike ChatGPT 3, the Bing AI chatbot has several uses, including the ability to generate new content such as images, code, and texts. Apart from that, the chatbot also serves as a conversational web search engine and answers questions about current events, history, random facts, and almost every other topic in a concise and conversational manner. Moreover, it also allows image inputs, such that users can upload images in the chatbot and ask questions related to them.

Since the chatbot has several impressive features, its use quickly spread in various industries, specifically within the creative industry. It is a handy tool for generating ideas, research, content, and graphics. However, one major problem with its adoption is the various cybersecurity issues and risks that the chatbot poses. The problem with these cybersecurity issues is that it is not possible to mitigate them through traditional security tools like VPN, antivirus, etc., which is a significant reason why chatbots are still not as popular as they should be.

Is Microsoft Bing AI Chat Safe?

Like ChatGPT, Microsoft Bing Chat is fairly new, and although many users claim that it is far better in terms of responses and research, its security is something to remain skeptical over. The modern version of the Microsoft AI chatbot is formed in partnership with OpenAI and is a better version of ChatGPT. However, despite that, the chatbot has several privacy and security issues, such as:

The chatbot may spy on Microsoft employees through their webcams.
Microsoft is bringing ads to Bing, which marketers often use to track users and gather personal information for targeted advertisements.
The chatbot stores users’ information, and certain employees can access it, which breaches users’ privacy. – Microsoft’s staff can read chatbot conversations; therefore, sharing sensitive information is vulnerable.
The chatbot can be used to aid in several cybersecurity attacks, such as aiding in spear phishing attacks and creating ransomware codes.
Bing AI chat has a feature that lets the chatbot “see” what web pages are open on the users’ other tabs.
The chatbot has been known to be vulnerable to prompt injection attacks that leave users vulnerable to data theft and scams.
Vulnerabilities in the chatbot have led to data leak issues.

Even though the Microsoft Bing AI chatbot is relatively new, it is subject to such vulnerabilities. However, privacy and security are not the only concerns its users must look out for. Since it is still predominantly within the developmental stage, the chatbot has also been known to have several programming issues. Despite being significantly better in research and creativity than ChatGPT 3, the Bing AI chatbot is also said to provide faulty and misleading information and give snide remarks in response to prompts.

Can I Safely Use Microsoft Bing AI Chat?

Although the chatbot has several privacy and security concerns, it is helpful in several ways. With generative AI chatbots automating tasks, work within an organization is now occurring more smoothly and faster. Therefore, it is hard to abandon the use of generative AI altogether. Instead, the best way out is to implement secure practices of generative AI such as:

Make sure never to share personal information with the chatbot.
Implement safe AI use policies in the organization
Best have a strong zero-trust policy in the organization
Ensure that the use of this chatbot is monitored

While these are not completely foolproof ways of ensuring the safe use of Microsoft Bing AI chat, these precautionary methods can help you remain secure while using the chatbot.

Final Words

The Microsoft Bing AI chatbot undeniably offers creative potential. The chatbot is applicable in various industries. However, beneath its promising facade lies a series of security concerns that should not be taken lightly. From privacy breaches to potential vulnerabilities in the chatbot’s architecture, the risks associated with its use are more substantial than they may initially appear.

While Bing AI chat undoubtedly presents opportunities for innovation and efficiency within organizations, users must exercise caution and diligence. Implementing stringent security practices, safeguarding personal information, and closely monitoring its usage are essential steps to mitigate the potential risks of this powerful tool.

As technology continues to evolve, striking the delicate balance between harnessing the benefits of AI and safeguarding against its inherent risks becomes increasingly vital. In the case of Microsoft’s Bing AI chat, vigilance and proactive security measures are paramount to ensure that its advantages do not come at the expense of privacy and data integrity.

Read More

php-8.2.18-1.fc38

Read Time:2 Minute, 2 Second

FEDORA-2024-39d50cc975

Packages in this update:

php-8.2.18-1.fc38

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

Fix various PDORow bugs. (Girgias)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)

Read More

php-8.2.18-1.fc39

Read Time:2 Minute, 2 Second

FEDORA-2024-b46619f761

Packages in this update:

php-8.2.18-1.fc39

Update description:

PHP version 8.2.18 (11 Apr 2024)

Core:

Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)
Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

Fix various PDORow bugs. (Girgias)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

Fixed bug GH-13517 (Multiple test failures when building with –with-expat). (nielsdos)

Read More

php-8.3.5-1.fc40

Read Time:2 Minute, 1 Second

FEDORA-2024-5e8ae0def0

Packages in this update:

php-8.3.5-1.fc40

Update description:

PHP version 8.3.5 (11 Apr 2024)

Core:

Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

Add some missing ZPP checks. (nielsdos)
Fix potential memory leak in XPath evaluation results. (nielsdos)

FPM:

Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

Random:

Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

SPL:

Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
Fixed GH-13402 (Added validation of n in $additional_headers of mail()). (SakiTakamachi)
Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad)

Read More