Subj : ChatGPT security flaw could open the gate for devastating cyberat
To   : All
From : TechnologyDaily
Date : Wed Jan 22 2025 15:15:07

ChatGPT security flaw could open the gate for devastating cyberattack, expert 
warns

Date:
Wed, 22 Jan 2025 15:10:00 +0000

Description:
Expert warns of method to make ChatGPT run a distributed denial of service 
attack.

FULL STORY
======================================================================A 
ChatGPT API can be given an unlimited number of URLs, even if they're 
duplicates, expert warns If it tries to run the commands, it will create a 
huge volume of HTTP requests Researchers urge OpenAI to put safeguards in 
place 

Experts have warned there is a way to make OpenAIs ChatGPT service engage in 
Distributed Denial of Service ( DDoS ) attacks on threat actors behalf. 

A report from cybersecurity researcher Benjamin Flesch noted the problem lies 
in ChatGPTs APIs handling of HTTP POST requests to a specific endpoint. That 
endpoint allows the user to provide a series of links through the urls 
parameter - without any limits. 

So, in theory, a threat actor could include thousands of hyperlinks in a 
single request - all pointing to the same server, or address. As a result, 
OpenAIs servers will create a huge volume of HTTP requests to the victims 
website, resulting in a denial of service. Abusing AI 

The solution, according to Flesch, is relatively simple - all OpenAI needs to 
do is implement stringent limits on the number of URLs a person can submit. 
The company should also make sure duplicate requests are limited. Finally, by 
adding rate-limiting measures, potential abuse could be prevented. 

This is not the first time people found ways to abuse Generative AI (GenAI) 
tools, and most likely wont be the last. 

So far, though, miscreants have only focused on abusing the actual tool, not 
the underlying infrastructure. Security researchers have seen ChatGPT and 
other similar tools get tricked into writing malware code, generating 
convincing phishing emails, or instructing how to make an explosive device. 

OpenAI, as well as the developers of other tools, have been working hard to 
include various defense mechanisms, safeguards, and blocks, to prevent the 
misuse of their GenAI solutions. By large, they have been successful, since 
the tools will no longer respond favorably to certain requests. However, this 
has spawned an entirely new sport called GenAI jailbreaking, in which hackers 
compete in bypassing the ethical, safety, and usage restrictions imposed on 
generative AI systems. 

 Via SiliconANGLE You might also like Fraudsters may abuse ChatGPT and Bard 
to pump out highly convincing scams Here's a list of the best antivirus tools 
on offer These are the best endpoint protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/chatgpt-security-flaw-could-open-the-ga
te-for-devastating-cyberattack-expert-warns


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.