Catch up on this week’s round-up of the latest hosting and tech news. Here’s what we’ve uncovered since our last edition.
Facebook puts Reddit in the Blender
Facebook’s new chatbot, Blender, has been taught knowledge and empathy and given its own personality thanks to 1.5 billion public conversations from the website Reddit used in its training. Using an incredibly complex model with almost 10 billion parameters, it is the first chatbot to incorporate such a vast set of conversational skills. During testing, almost half of the participants preferred interacting with it to chatting to a real person.
Although seen as a step in the right direction in the creation of a realistic, human-like AI interaction, the chatbot still has some way to go. Part of the problem is that by using real conversations during its training, it has perhaps become all too human, occasionally making up facts and using swear words during interactions. While this might be natural for humans, or at least for Reddit users, the corporate chatbot Facebook wants to launch obviously needs these attributes cleaning up.
Indian AI helping NHS diagnose COVID lung damage
Artificial intelligence software, developed by Mumbai-based Qure.ai, is being used by some NHS hospitals to improve understanding of the chest x-rays of Coronavirus patients. The AI tool was trained using over two million chest X-rays, hundreds of which were of patients who tested positive for the virus. At the Royal Bolton Hospital, the software checks every chest x-ray looking to confirm signs of the disease and the level of infection by finding patterns in lung opacity. This enables doctors to make better decisions, such as whether a patient should be admitted to hospital or moved to ICU, or if they have recovered sufficiently to be moved back to the ward or discharged.
This, however, is less advanced than the Axial AI used in China which analyses CT imagery in seconds and can show if a Coronavirus patient is at risk of developing pneumonia. Unfortunately, the issue for the NHS is that it is more reliant on easy to carry out x-rays than the time-consuming but much more detailed CT scans. As a result, the Chinese AI, though more advanced, would have less of an impact overall.
Fatal flaw in UK virus tracking app
The key aim of the UK’s tracking app is that it wants to gather information about those you come within 6 feet of. This way, should you become infected, it can inform those people, track if they become infected too and, if so, find the people they have been near. This way, it can quickly get people at risk of having the virus into isolation to prevent further spread.
While that is an admirable goal, the issue comes with the way the app works. This is because to track those you have been near to, your phone needs to broadcast its ID over Bluetooth to the phones of those in the vicinity. Unfortunately, neither Apple iOS nor Android v8 and above allow this to happen when the app is running in the background. To work, therefore, the app must be running on the screen and the screen must be unlocked and turned on. However, as most people don’t use phones this way, once you start looking at another app, or turn off your screen while your phone is in your pocket, the app will stop broadcasting and tracking. Even if you did change the settings to keep the phone awake and unlocked, it’s likely to run out of battery much quicker.
28,000 Go Daddy accounts compromised
One of the world’s major hosting providers, Go Daddy, has confirmed that a cyberattack has compromised the SSH credentials of around 28,000 of its customers’ hosting accounts. SSH or Secure Shell is a cryptographic network protocol used for operating network services securely. It enables customers to log in with their username and password or username and public/private key.
The Go Daddy breach is likely the result of an attacker placing a public key on user accounts, an action that would still give them access even if the user changed their account password. In response, GoDaddy has updated account usernames and passwords and removed the offending public key to prevent unauthorised SSH access to websites.
Compromised users, however, are still left with other concerns. These include the potential for stolen database passwords to be used by attackers to control a site via a remote database connection and the possibility that unauthorised admin accounts could have been created.
1 million WordPress sites attacked
The Threat Intelligence Team at Wordfence, a leading WordPress security plugin, has just issued a press release about a spate of major attacks on over a million WordPress websites. It claims that over the last week the number of Cross-Site Scripting (XSS) attacks has increased 30-fold. On May 3rd alone, 20 million attack attempts were made on half a million separate WordPress sites.
Wordfence believes the attacks have been undertaken by a single attacker attempting to inject malicious JavaScript. Once injected, it inserts a backdoor into a site’s header and redirects visitors to malicious advertising sites. The same attacker is also exploiting other vulnerabilities which enables them to change a site’s homepage to the same mal-advertising domain used in the XSS attack.
Apparently, all the vulnerabilities exploited by the attacker have been patched for some time, so users should be safe if they have updated to the latest versions. The main vulnerabilities targeted were in the following plugins: Easy2Map, Blog Designer, WP GDPR Compliance and Total Donations. The Newspaper theme was also attacked. This, however, is not a comprehensive list, so make sure all your plugins and themes are up to date.
Visit the WHUK website for more news, knowledge base articles, blog posts and information on our wide range of hosting services.
