Rest of World:
A look at Meta’s “spirit of the policy” exception that lets the company break its moderation rules in conflict zones and crises; critics want more transparency — An Oversight Board case from Sri Lanka shows the power of Facebook’s “spirit of the policy” exception
Emily Birnbaum / Bloomberg:
Google asks a US judge to dismiss a DOJ suit alleging it illegally abused its ad dominance, arguing the government had excluded rivals while defining the market — Alphabet Inc.’s Google asked a US judge to dismiss the government’s case against its dominance in the digital advertising market.
Elon Musk says Twitter will only show verified accounts on its algorithmic timeline
This is a new chapter of Elon Musk and his strange Twitter decisions. This time, the social network’s CEO has declared that Twitter will only show verified accounts on the algorithmic “For You” timeline starting April 15.
In a tweet, Musk justified the move by saying this is the “only realistic way to address advanced AI bot swarms taking over.” While the Tesla CEO suggested that the move to prohibit non-verified accounts from recommendations was to tackle bots, he mentioned that “verified” bots that don’t impersonate humans are eligible to be shown on the “For You” timeline. So essentially you have to be a paid user, a brand, or a government official to be recommended by Twitter’s algorithm.
Twitter has been trying to promote the “For You” timeline for a while now despite negative opinions from many users. The move to make it a verified-only algorithmic feed won’t be a popular decision either. Notably, analysts suggest that Twitter has only 385,000 paying users at the moment. Plus, the company is removing legacy verification checkmarks of previously notable accounts on April 1. So the algorithmic feed will be filled by paid accounts in addition to brands’ and officials’ accounts, making for a very skewed timeline.
Musk also said that going forward only verified accounts will be able to take part in polls. But it’s unclear if that is meant to be polls created by Twitter (or him) or all polls on the platform. As always, the announcement is confusing.
Last year, Twitter briefly instated a policy to ban handles and links to other social networks like Facebook and Instagram. The move backfired, and after heavy criticism, the company reversed the rule. At that time, Musk said that every major policy decision would go through a poll (Spoiler: it hasn’t). Soon after, he launched a poll asking people if he should step down as CEO. By the end of it, 57.5% voted in favor.
After these events, several people suggested that bots accounted for a lot of these votes. At that time, Musk took note of a user suggestion to limit policy voting to only paying subscribers. With the latest statement, he might be finally implementing this change.
This development comes days after GitHub took down Twitter’s leaked source code. What’s more, Musk promised to open source the social network’s recommendation algorithm on March 31. We’ll have to wait and see if the code has references to limiting it to only verified users.
Elon Musk says Twitter will only show verified accounts on its algorithmic timeline by Ivan Mehta originally published on TechCrunch
Ethical AI art generation? Adobe Firefly may be the answer.
An Adobe Firefly AI image generator example. (credit: Adobe)
On Tuesday, Adobe unveiled Firefly, its new AI image synthesis generator. Unlike other AI art models such as Stable Diffusion and DALL-E, Adobe says its Firefly engine, which can generate new images from text descriptions, has been trained solely on legal and ethical sources, making its output clear for use by commercial artists. It will be integrated directly into Creative Cloud, but for now, it is only available as a beta.
Since the mainstream debut of image synthesis models last year, the field has been fraught with issues around ethics and copyright. For example, the AI art generator called Stable Diffusion gained its ability to generate images from text descriptions after researchers trained an AI model to analyze hundreds of millions of images scraped from the Internet. Many (probably most) of those images were copyrighted and obtained without the consent of their rights holders, which led to lawsuits and protests from artists.
To avoid those legal and ethical issues, Adobe created an AI art generator trained solely on Adobe Stock images, openly licensed content, and public domain content, ensuring the generated content is safe for commercial use. Adobe goes into more detail in its news release:
Journalist plugs in unknown USB drive mailed to him—it exploded in his face
Ecuadorian police tweeted this picture of officials investigating a drive mailed to a journalist in Guayaquil. (credit: Policía Ecuador/Twitter)
It’s no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we’ve seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn’t get the memos.
As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.
Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.
If your Netgear Orbi router isn’t patched, you’ll want to change that pronto
An Orbi 750 series router. (credit: Netgear)
If you rely on Netgear’s Orbi mesh wireless system to connect to the Internet, you’ll want to ensure it’s running the latest firmware now that exploit code has been released for critical vulnerabilities in older versions.
The Netgear Orbi mesh wireless system comprises a main hub router and one or more satellite routers that extend the network’s range. By setting up multiple access points in a home or office, they form a mesh system that ensures Wi-Fi coverage is available throughout.
Remotely injecting arbitrary commands
Last year, researchers on Cisco’s Talos security team discovered four vulnerabilities and privately reported them to Netgear. The most severe of the vulnerabilities, tracked as CVE-2022-37337, resides in the access control functionality of the RBR750. Hackers can exploit it to remotely execute commands by sending specially crafted HTTP requests to the device. The hacker must first connect to the device, either by knowing the SSID password or by accessing an unprotected SSID. The severity of the flaw is rated 9.1 out of a possible 10.
Huge collection of vintage Apple computers goes to auction next week
I mostly recognize this early laptop from its resemblance to a similar-looking computer in the film 2010. It’s up for auction along with hundreds of other old Apple computers. (credit: Julien’s Auctions)
If you’ve been thinking your home or workspace is perhaps deficient when it comes to old Apple hardware, then I have some good news for you. Next week, a massive trove of classic Apple computing history goes under the hammer when the auction house Julien’s Auctions auctions off the Hanspeter Luzi collection of more than 500 Apple computers, parts, software, and the occasional bit of ephemera.
Ars reported on the auction in February, but Julien’s Auctions has posted the full catalog ahead of the March 30 event, and for Apple nerds of a certain age, there will surely be much to catch your eye.
The earliest computers in the collection are a pair of Commodore PET 2001s; anyone looking for a bargain on an Apple 1 will have to keep waiting, unfortunately.
ChatGPT gets “eyes and ears” with plugins that can interface AI with the world
On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing the web, and more. Plugins are bits of code that tell ChatGPT how to use an external resource on the Internet.
Basically, if a developer wants to give ChatGPT the ability to access any network service (for example: “looking up current stock prices”) or perform any task controlled by a network service (for example: “ordering pizza through the Internet”), it is now possible, provided it doesn’t go against OpenAI’s rules.
Conventionally, most large language models (LLM) like ChatGPT have been constrained in a bubble, so to speak, only able to interact with the world through text conversations with a user. As OpenAI writes in its introductory blog post on ChatGPT plugins, “The only thing language models can do out-of-the-box is emit text.”
Android app from China executed 0-day exploit on millions of devices
Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.
The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access. No malicious versions were found in Play or Apple’s App Store. Last Monday, TechCrunch reported that Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere. TechCrunch reported the malicious apps available in third-party markets exploited several zero-days, vulnerabilities that are known or exploited before a vendor has a patch available.
Sophisticated attack
A preliminary analysis by Lookout found that at least two off-Play versions of Pinduoduo for Android exploited CVE-2023-20963, the tracking number for an Android vulnerability Google patched in updates that became available to end users two weeks ago. This privilege-escalation flaw, which was exploited prior to Google’s disclosure, allowed the app to perform operations with elevated privileges. The app used these privileges to download code from a developer-designated site and run it within a privileged environment.
Twitter source code was leaked on GitHub shortly after Musk’s layoff spree
Portions of Twitter’s source code recently appeared on GitHub, and Twitter is trying to force GitHub to identify the user or users who posted the code.
GitHub disabled the repository on Friday shortly after Twitter filed a DMCA (Digital Millennium Copyright Act) takedown notice but apparently hasn’t provided the information Twitter is seeking. Twitter’s DMCA takedown notice asked GitHub to provide the code submitter’s “upload/download/access history,” contact information, IP addresses, and any session information or “associated logs related to this repo or any forks.”
The GitHub user who posted the Twitter source code has the username “FreeSpeechEnthusiast,” possibly a reference to Twitter owner Elon Musk casting himself as a protector of free speech.