Enlarge / An AI-generated photo of Pope Francis wearing a puffy white coat that went viral on social media. (credit: @skyferrori on Twitter )

Over the weekend, an AI-generated image of Pope Francis wearing a puffy white coat went viral on Twitter, and apparently many people believed it was a real image. Since then, the puffy pontiff has inspired commentary on the deceptive nature of AI-generated images, which are now nearly photorealistic.

The pope image, created using Midjourney v5 (an AI image synthesis model), first appeared in a tweet by a user named Leon ( @skyferrori ) on Saturday and quickly began circulating as part of other meme tweets featuring similar images as well, including one that humorously speculates about a pope "lifestyle brand."

Not long after, Twitter attached a reader-added context warning to the tweet that reads, " This is an AI-generated image of Pope Francis. It is not a genuine photo. "

Enlarge (credit: Getty Images)

President Joe Biden on Monday signed an executive order barring many uses by the federal government of commercial spyware, which has been increasingly used by other countries in recent years to surveil dissidents, journalists, and politicians.

The signing of the executive order came as administration officials told journalists that roughly 50 US government personnel in at least 10 countries had been infected or targeted by such spyware, a larger number than previously known. The officials didn’t elaborate.

Commercial spyware is sold by a host of companies, with the best known being NSO Group of Israel. The company sells a hacking tool known as Pegasus that can surreptitiously compromise both iPhones and Android devices using “clickless” exploits, meaning they require no user interaction. By sending a text or ringing the device, Pegasus can install spying software that steals contacts, messages, geo locations, and more, even when the text or call isn’t answered. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon.

Enlarge / A photo of an IBM PC 5155 portable computer running a ChatGPT client written by Yeo Kheng Meng. (credit: Yeo Kheng Meng )

On Sunday, Singapore-based retrocomputing enthusiast Yeo Kheng Meng released a ChatGPT client for MS-DOS that can run on a 4.77 MHz IBM PC from 1981, providing a unique way to converse with the popular OpenAI language model.

Vintage computer development projects come naturally to Yeo, who created a Slack client for Windows 3.1 in 2019. "I thought to try something different this time and develop for an even older platform as a challenge," he writes on his blog. In this case, he turned his attention to MS-DOS , a text-only operating system first released in 1981, and ChatGPT , an AI-powered large language model (LLM) released by OpenAI in November.

As a conversational AI model, ChatGPT draws on knowledge scraped from the Internet to answer questions and generate text. Thanks to an API that launched his month , anyone with the programming chops can interface ChatGPT with their own custom application.

Enlarge (credit: Getty Images)

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.

The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access. No malicious versions were found in Play or Apple’s App Store. Last Monday, TechCrunch reported , Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere. TechCrunch reported the malicious apps available in third-party markets exploited several zero-days, which are vulnerabilities that are known or exploited before a vendor has a patch available.

Sophisticated attack

A preliminary analysis by Lookout found that at least two off-Play versions of Pinduoduo for Android exploited CVE-2023-20963, the tracking number for an Android vulnerability Google patched in updates that became available to end users two weeks ago . This privilege-escalation flaw, which was exploited prior to Google’s disclosure, allowed the app to perform operations with elevated privileges. The app used these privileges to download code from a developer-designated site and run it within a privileged environment.

Enlarge (credit: Aurich Lawson | Getty Images)

On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing the web, and more. Plugins are bits of code that tell ChatGPT how to use an external resource on the Internet.

Basically, if a developer wants to give ChatGPT the ability to access any network service (for example: "looking up current stock prices") or perform any task controlled by a network service (for example: "ordering pizza through the Internet"), it is now possible, provided it doesn't go against OpenAI's rules.

Conventionally, most large language models (LLM) like ChatGPT have been constrained in a bubble, so to speak, only able to interact with the world through text conversations with a user. As OpenAI writes in its introductory blog post on ChatGPT plugins, "The only thing language models can do out-of-the-box is emit text."

Enlarge / I mostly recognize this early laptop from its resemblance to a similar-looking computer in the film 2010 . It's up for auction along with hundreds of other old Apple computers. (credit: Julien's Auctions)

If you've been thinking your home or workspace is perhaps deficient when it comes to old Apple hardware, then I have some good news for you. Next week, a massive trove of classic Apple computing history goes under the hammer when the auction house Julien's Auctions auctions off the Hanspeter Luzi collection of more than 500 Apple computers, parts, software, and the occasional bit of ephemera.

Ars reported on the auction in February , but Julien's Auctions has posted the full catalog ahead of the March 30 event, and for Apple nerds of a certain age, there will surely be much to catch your eye.

The earliest computers in the collection are a pair of Commodore PET 2001s; anyone looking for a bargain on an Apple 1 will have to keep waiting, unfortunately.

Enlarge / An Orbi 750 series router. (credit: Netgear)

If you rely on Netgear’s Orbi mesh wireless system to connect to the Internet, you’ll want to ensure it’s running the latest firmware now that exploit code has been released for critical vulnerabilities in older versions.

The Orbi Satellite RBS750 comprises a main hub router and one or more satellite routers that extend the network’s range. By setting up multiple access points in a home or office, they form a mesh system that ensures Wi-Fi coverage is available throughout.

Remotely injecting arbitrary commands

Last year, researchers on Cisco’s Talos security team discovered four vulnerabilities and privately reported them to Netgear. The most severe of the vulnerabilities, tracked as CVE-2022-37337 , resides in the access control functionality of the RBR750. Hackers can exploit it to remotely execute commands by sending specially crafted HTTP requests to the device. The hacker must first connect to the device, either by knowing the SSID password or by accessing an unprotected SSID. The severity of the flaw is rated 9.1 out of a possible 10.

Enlarge / Ecuadorian police tweeted this picture of officials investigating a drive mailed to a journalist in Guayaquil. (credit: Policía Ecuador/Twitter )

It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate an Iranian nuclear facility , infect critical control systems in US power plants, morph into programmable, undetectable attack platforms , and destroy attached computers with a surprise 220-volt electrical surge . Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos.

As reported by the Agence France-Presse (via CBS News ) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.

Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.

Enlarge / An Adobe Firefly AI image generator example. (credit: Adobe)

On Tuesday, Adobe unveiled Firefly, its new AI image synthesis generator. Unlike other AI art models such as Stable Diffusion and DALL-E , Adobe says its Firefly engine, which can generate new images from text descriptions, has been trained solely on legal and ethical sources, making its output clear for use by commercial artists. It will be integrated directly into Creative Cloud, but for now, it is only available as a beta.

Since the mainstream debut of image synthesis models last year, the field has been fraught with issues around ethics and copyright. For example, the AI art generator called Stable Diffusion gained its ability to generate images from text descriptions after researchers trained an AI model to analyze hundreds of millions of images scraped from the Internet. Many (probably most) of those images were copyrighted and obtained without the consent of their rights holders, which led to lawsuits and protests from artists .

To avoid those legal and ethical issues, Adobe created an AI art generator trained solely on Adobe Stock images, openly licensed content, and public domain content, ensuring the generated content is safe for commercial use. Adobe goes into more detail in its news release :