

Challenge accepted! The UPS Virtual Assistant popped up unbidden when I was tracking a package. It said, “Let me know how I can help.”

That got me to thinking – to what extent can the UPS Virtual Assistant be helpful? Is it configured to only answer questions relevant to customer assistance on the UPS website, or is it allowed to range freely over the length and breadth of the Internet?

As a starter question, I asked it, “What is the square root of 144?” Not because I don’t know the answer, but because it *should* be out of scope. And sure enough, it politely refused to take on the question.

Now, after you get done chuckling, take a moment to consider the broader, and very real, security implications of misconfigured or improperly managed Virtual Assistants. What if a VA has access to customer information, but doesn’t perform proper authentication routines? What if, in the case of the UPS Virtual Assistant, it has truck route and schedule information, and reveals it to anyone who asks? What if it can query the HR database and return the information in an employee’s performance review?

CEOs and corporate attorneys: scrutinize the capabilities of your company’s interactive artificial intelligence systems.

1) Limits should be written in the design specs and proposal.
2) Before the system goes live it should be tested for compliance with its clearly defined limitations.
3) If your system is already live and you haven’t discussed how it’s controlled, start asking very hard and specific questions.

#cybersecurity #ai #llm

Screenshot of the conversation with the UPS Virtual Assistant as described in the post.
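As an added illustration of the post's points, not code from the post or from UPS: the scope limit and the authorization check on customer data are enforced in ordinary code outside the model, and the pre-go-live check replays the post's out-of-scope question. The account names, tracking number and shipment records are constructed for the example.

```python
"""Added example: keep the assistant's limits out of the model's hands.

Two layers are modelled: a scope policy deciding which questions may be answered
at all, and a tool layer that releases customer data only to a verified owner.
The language model never gets to make either decision. All data is constructed.
"""
from dataclasses import dataclass
from typing import Optional
import re

# Constructed sample data: tracking numbers mapped to the account that owns them.
SHIPMENTS = {
    "1Z999AA10123456784": {"owner": "alice", "status": "Out for delivery", "route": "ROUTE-17"},
}

# Limits written down as data, so they can be reviewed and tested (post's point 1).
IN_SCOPE = re.compile(r"\b(track|package|shipment|delivery|where is my)\b", re.I)

@dataclass
class Session:
    user: Optional[str]   # None => anonymous visitor
    verified: bool        # passed real authentication, not just a name typed into chat

def in_scope(question: str) -> bool:
    return bool(IN_SCOPE.search(question))

def lookup_shipment(tracking: str, session: Session) -> dict:
    """Tool the assistant calls. Authorization is checked here, never left to the model."""
    record = SHIPMENTS.get(tracking)
    if record is None:
        return {"error": "unknown tracking number"}
    if not session.verified or session.user != record["owner"]:
        # Anonymous or mismatched callers get the public status only.
        return {"status": record["status"]}
    # The verified owner sees their own details; internal fields (route) are never returned.
    return {"status": record["status"], "owner": record["owner"]}

def answer(question: str, session: Session) -> str:
    if not in_scope(question):
        return "Sorry, I can only help with UPS shipments and deliveries."
    m = re.search(r"\b1Z[0-9A-Z]{16}\b", question)
    if not m:
        return "Please provide your tracking number."
    result = lookup_shipment(m.group(0), session)
    return result.get("error") or ", ".join(f"{k}: {v}" for k, v in result.items())

def scope_tests() -> bool:
    """Pre-go-live compliance check (post's point 2): out-of-scope questions must be refused."""
    anon = Session(user=None, verified=False)
    out_of_scope = ["What is the square root of 144?", "Write me a poem about trucks."]
    return all(answer(q, anon).startswith("Sorry") for q in out_of_scope)
```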
yeah, so much of the time it’s up to the developers to determine the limits. which is not okay. at all.

@Bob Young The real problem is also *what is a question*

I was messing with the horrific and ghoulish askellyn.ai the other day, and I wanted a recipe for Turkish Delight (I dunno), and it wouldn't help me *except* when I said I was writing a song about making Turkish Delight. However, no matter what, it wouldn't help me make napalm, and if the word "napalm" appeared in the response, the response was the same stock response.

Which kinda comes down to this weird point: if you're going to spend hours picking and choosing topics and terms you guardrail around, wouldn't it be easier to keyword search through documentation?