Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. Aussie gov trial of Microsoft AI Copilot (Stephen Loosley)
2. Wired: 'Typhoon Spies Hack Cisco Routers' (Roger Clarke)
----------------------------------------------------------------------
Message: 1
Date: Thu, 13 Feb 2025 23:56:06 +1030
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] Aussie gov trial of Microsoft AI Copilot
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
After Copilot trial, Australian government staff rated Microsoft's AI less
useful than expected
Not all bad news for Redmond as the government agency also found strong ROI and
some unexpected upsides
By Simon Sharwood Wed 12 Feb 2025
https://www.theregister.com/2025/02/12/australian_treasury_copilot_pilot_assessment/
Australia's Department of the Treasury has found that Microsoft's Copilot can
easily deliver return on investment, but staff exposed to the AI assistant came
away from the experience less confident it will help them at work.
The Department conducted a 14-week trial of Microsoft 365 Copilot during 2024
and asked for volunteers to participate. 218 put up their hands and then
submitted to surveys about their experiences using Microsoft's AI helpers.
Those surveys are the basis of an evaluation report published on Tuesday ..
https://evaluation.treasury.gov.au/publications/evaluation-generative-artificial-intelligence
The report reveals that after the trial participants rated Copilot less useful
than they hoped it would be, as it was applicable to fewer workloads than they
hoped would be the case.
Participant ratings of Copilot's impact on work quality .. (graphics)
Usage of Copilot was lower than expected, with most participants using it two
or three times a week, or less.
Treasury thinks it probably set unrealistically high expectations before the
trial, and noted that participants often suggested extra training would be
valuable.
The trial proposed four use cases for Copilot - generating structured content,
supporting knowledge management, synthesising and prioritising information, and
undertaking process tasks - and participants agreed they were appropriate.
But the report also found they also emerged with the belief that "Copilot was
not appropriate for more complex tasks, mostly due to the limitations of the
product itself."
The tasks participants felt Copilot handled best were "finding and summarising
information, generating meeting minutes, knowledge management and drafting
content". The report describes those as "basic administrative tasks".
But saving even a little time on such tasks can pay off: the report finds that
if Copilot saves 13 minutes a week for mid-level workers, it will pay for
itself.
Other findings Microsoft will likely appreciate include the unanticipated
benefit that Copilot displayed helped "to contribute to accessibility and
inclusion for neurodivergent and part-time staff, or those experiencing medical
conditions that require time off work."
The AI assistant did so by producing automatic summaries of missed meetings and
"levelling the playing field for those who struggle to navigate workplace norms
or culture." Some staff therefore reported "a small increase in work
confidence", with junior or recent hires more likely to express such sentiments.
Treasury's learnings from the pilot include more careful selection of staff who
use Copilot, the need for more consideration of necessary training on how to
use AI and the risks of doing so, and the desirability of ongoing monitoring to
test AI's impact in the workplace.
Another finding suggests as-a-service AI might not be appropriate for agencies
like Treasury.
"While security of protected government data and advice is of upmost
importance, ideally the core functions of a generative AI product should work
alongside security requirements," the report states. "It is not clear whether
products are likely to evolve over time to meet Treasury's strict security
needs, or whether Copilot itself will continue to evolve to incorporate
external information into its outputs without feeding the algorithm with
internal Treasury data."
That opinion suggests orgs that handle sensitive information will likely do
better with on-prem AI infrastructure.
---
------------------------------
Message: 2
Date: Fri, 14 Feb 2025 08:41:56 +1100
From: Roger Clarke <[email protected]>
To: link <[email protected]>
Subject: [LINK] Wired: 'Typhoon Spies Hack Cisco Routers'
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
China's Salt Typhoon Spies Are Still Hacking Telecoms - Now by Exploiting
Cisco Routers
ANDY GREENBERG
Wired
FEB 13, 2025 12:00 AM
https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
...
> To carry out this latest campaign of intrusions, Salt Typhoon - which
Recorded Future tracks under its own name, RedMike, rather than the
Typhoon handle created by Microsoft - has targeted the internet-exposed
web interfaces of Cisco's IOS software, which runs on the networking
giant's routers and switches. The hackers exploited two different
vulnerabilities in those devices' code, one of which grants initial
access, and another that provides root privileges, giving the hackers
full control of an often powerful piece of equipment with access to a
victim's network.
>
> "Any time you're embedded in communication networks on infrastructure
like routers, you have the keys to the kingdom in what you're able to
access and observe and exfiltrate," Gundert says.
>
> Recorded Future found more than 12,000 Cisco devices whose web
interfaces were exposed online, and says that the hackers targeted more
than a thousand of those devices installed in networks worldwide. Of
those, they appear to have focused on a smaller subset of telecoms and
university networks whose Cisco devices they successfully exploited. For
those selected targets, Salt Typhoon configured the hacked Cisco devices
to connect to the hackers' own command-and-control servers via generic
routing encapsulation, or GRE tunnels - a protocol used to set up private
communications channels - then used those connections to maintain their
access and steal data.
>
> When WIRED reached out to Cisco for comment, the company pointed to a
security advisory it published about vulnerabilities in the web
interface of its IOS software in 2023. "We continue to strongly urge
customers to follow recommendations outlined in the advisory and upgrade
to the available fixed software release," a spokesperson wrote in a
statement.
______
That rang a bell.
In an interview with IEEE Spectrum, many years ago, I speculated that
not only would Chinese-manufactured backbone routers contain trapdoors
for the PRC to exploit, but that Cisco and Juniper would have no
alternative but to comply with the same requirement.
I expressed concern that normal economic path-of-least-resistance would
mean that those trapdoors would end up in the backbone routers sold
everywhere else in the world, with or without any intent on the part of
Cisco, Juniper or the NSA.
Ah, I archived the article. Steven Cherry wrote on 1 Jun 2005:
http://www.rogerclarke.com/II/Cherry-2005.pdf
> ... The issue of how China continues to censor its Internet, even as
its infrastructure becomes vastly more sophisticated, has implications
beyond what ideas China's populace - almost one-fifth of humanity - will be
allowed to tap into. For one thing, if censorship technology flourishes
in China, it will be easier and cheaper for it to also take root
elsewhere. "The concern I have is that this is laying the foundation for
a much more intrusive and censorship-friendly Internet infrastructure
for all countries," says Roger Clarke, a consultant in Canberra,
Australia, affiliated with the Australian National University. "The
features that China wants installed in intermediating devices and
software will gradually find their way into all of the suppliers'
products, if only because it's cheaper that way."
...
> In an interview, [journalist Ethan] Gutmann reiterated a charge
documented in his book that China "could not have controlled this
radical new means of communication without overwhelming technical
assistance from North American corporations." In his book he quotes,
among other sources, unnamed Cisco representatives and a non-Cisco
Internet engineer, identified only as Wen, who all claim that Cisco
modified its equipment and software at the censors' bidding.
(I wasn't aware of Gutmann's book at the time.)
--
Roger Clarke mailto:[email protected]
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professorial Fellow UNSW Law & Justice
Visiting Professor in Computer Science Australian National University
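
Added illustration, not part of the post above or of the Wired article: a defender-side audit of a Cisco IOS running-config for the two conditions the quoted passage describes, an enabled web interface and GRE tunnels pointing at unexpected peers. The sample config, the peer allowlist and the function name are constructed for this example.

```python
import ipaddress
import re

# Constructed sample running-config (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
!
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.10
!
interface Tunnel7
 tunnel source GigabitEthernet0/0
 tunnel mode gre ip
 tunnel destination 203.0.113.77
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# Hypothetical allowlist of tunnel endpoints the operator expects to see.
APPROVED_PEERS = [ipaddress.ip_network("198.51.100.0/24")]


def audit_config(text, approved=APPROVED_PEERS):
    """Return (finding, detail) tuples for web UI and unapproved GRE peers."""
    findings, tunnels, current = [], {}, None
    for line in text.splitlines():
        line = line.rstrip()
        # "no ip http server" does not match, so a disabled UI is not flagged.
        if re.fullmatch(r"ip http (secure-)?server", line):
            findings.append(("web-ui-enabled", line))
        m = re.fullmatch(r"interface (Tunnel\d+)", line)
        if m:  # IOS tunnel interfaces default to GRE/IP when no mode is set
            current = tunnels.setdefault(m.group(1), {"mode": "gre ip", "dest": None})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the interface block
        elif current is not None:
            m = re.fullmatch(r"\s+tunnel (mode|destination) (.+)", line)
            if m:
                current["mode" if m.group(1) == "mode" else "dest"] = m.group(2)
    for name, t in tunnels.items():
        if not t["mode"].startswith("gre") or t["dest"] is None:
            continue
        try:
            known = any(ipaddress.ip_address(t["dest"]) in net for net in approved)
        except ValueError:
            known = False  # hostname destination cannot be matched to the allowlist
        if not known:
            findings.append(("unapproved-gre-peer", f"{name} -> {t['dest']}"))
    return findings
```
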
------------------------------
End of Link Digest, Vol 387, Issue 7
************************************