
Work in DFIR, teach/author for SANS.

Interests used to be lots of CTFs but I have zero spare time now. Other than that it's all down to gardening, looking after my animals and keeping my herd of cats company.

Company: https://www.halkynconsulting.co.uk
SANS Bio: https://www.sans.org/profiles/tarot-wake/
Twitter: https://twitter.com/tazwake
GitHub: https://github.com/TazWake

So, I've been playing with ChatGPT today and, as is often the case, it is really confidently wrong.

LLM/AI tools have genuine value but it concerns me that whenever I ask a question I already know the answer to, it gives very misleading responses.

Now a lot of this is because the internet data is inconsistent - but that really does highlight that an LLM is basically "Let me google that for you".

In this case, it was convinced you can set the backlog size in the auditd.conf file - I assume because someone has implied it somewhere on Stack Overflow. But you can't. This is set in the audit.rules. It gets weirder when it claims the max_log_file_action can be set to a size in KB. This is just not true.

Don't blindly trust AI.

#DFIR #Infosec #Linux #AI #audit #auditd

It looks like Twitter still isn't recovered... the rate limit has switched from stopping you viewing, to stopping you posting or messaging...

Either that or my Android app is a bot now.

Following on from my previous poll, I asked ChatGPT about MACE vs MACB timestamps.

It has basically invented the answer. The work it cites is a real document, written by Dan Farmer and Wietse Venema, but it was a Usenet post in 1993 and made absolutely no references to timestamps.

https://www.dcs.ed.ac.uk/home/rah/Resources/Security/admin_guide_to_cracking.pdf

It seems like ChatGPT made up an answer and then found an approximate reference to make it look legitimate, without checking what the reference included.

To this extent, ChatGPT is basically like most humans in a discussion...

UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....

I have no words.

Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.

But even so, this is terrible.

Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.

And, yes, you will absolutely find a lot of exceptions to that. Well done.

But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.

It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.

But this is a significant problem. It really is.

If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.

For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.

I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.

Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.

That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.

Back to being a bluffer.

The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.

I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.

Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...

I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

There has been a noticeable increase in phishing-type attacks landing in my Gmail inbox over the last week or two. It's pretty odd because Gmail used to be awesome at eliminating them.

I've had a lot of fake delivery confirmations with "click here to reschedule" type messages, but to be fair, since I started reporting them Gmail has spam folder'd a lot more now, so might be it is just a detection rule tuning thing.

One of my favourites is someone pretending to be a US-based woman who wants to share "intimate" pictures with me. Sadly they aren't very disciplined in setting up their mail client...

Whenever they reply to my questions, the language settings "change"

LOL.

Oh, recruiters. It's great to see how hard you are working to convince me that you serve *any* purpose...

People saying ChatGPT is going to give people a secret way to get answers to exams, really need to look at what it does carefully.

Pretty much everything I've ever asked has returned an incorrect answer. But often in a hard-to-notice way if you don't already know the answer.

I 100% support this and I am pretty far removed from Gen Z.

It wouldn't even cross my mind to apply for a job if they don't tell me what they are prepared to pay in advance. I wouldn't even take the call.

Awesome! I have, after LITERALLY weeks of trying, managed to get my Win 11 WSL to upgrade both the WSL version *and* the version of Ubuntu it is running.

I totally get that for most people this was a few minutes' work with no issues. I did not have that pleasure.

It took me a long time to realise that even though I thought it was running with the right privs, it wasn't. As you can imagine, if I couldn't get that working, the rest was a car crash.