In today’s rapidly evolving digital landscape, safeguarding sensitive information has become a top priority for organizations across the globe. As technology advances, so do the threats to data security. This is where Artificial Intelligence (AI) steps in as a powerful ally in fortifying information security policies.

The real motivation for this article was to create an A.I/GPT security policy that would entail the do’s and don’ts while using this kind of technology. Of course, I expected to have a well written and complete document that would not only save me time but also give me additional insights on how to use it. In this blog post, I want to explore how AI, in the form of ChatGPT and Google Bard can (or cannot) be  harnessed to strengthen and streamline the creation of information security policies.

Before going into the results, let me start by saying that the intent (initially) was not to compare ChatGPT against Bard but the outcome was so bad for both of them that I could not avoid looking and sizing each one’s performance.

The prompt

Here’s the prompt that I used for ChatGPT and Bard

Write an information security policy for the usage of GPT and artificial intelligence

ChatGPT performance

The chatGPT answer for the prompt was a simple and short policy that could be used to start something but definitely not a serious document. It encompassed essential terms such as roles, responsibilities, compliance, data privacy and incident handling but missed entirely the topics that would discuss what can or cannot be done when using such tools.

The content of the topics that were handled by the document structure clearly uses the words “A.I” and “GPT” as placeholders to be put at the end of each sentence. Yes, I tried to generate similar policies using smaller differences in the prompts, replacing the words GPT and AI for words such as “cats”, “dogs”, “rocks” etc. The result was, with few nuances here and there, almost the same.

Google Bard’s performance

Google Bard for some reason, gives a much bigger response when the prompt was written in portuguese (don’t know why). The answer to the very same prompt was even shorter and standardized than for chatGPT. It included predefined sections encompassing the purpose, scope, principles, responsibilities, and security requirements.

What distinguishes Google Bard is a section labeled “Specific Considerations for…,” which provides valuable details specific to the policy being requested. When prompted with variations involving “cats and dogs,” “rocks,” and “sound technologies,” it offered insights related to factors such as weight, size, sharp edges, behavior, training, and health – THAT was what I was looking for! Specifics!

It’s worth noting that Google Bard appears to use a consistent template for generating information security policies. While it mainly modifies the section that pertains to specifics, it provides a clearer and more relevant response compared to simply replacing words as ChatGPT does.

Conclusion

In conclusion, both ChatGPT and Google Bard (sucks) fall short in generating comprehensive information security policies. While they may be valuable for individuals with limited experience or those seeking a starting point, they are not suitable for creating serious and thorough documents. Google Bard, with its template and specific considerations, exhibits a slightly better performance. It is clear in its approach and offers more relevant information for the intended policy. In contrast, ChatGPT’s performance is less refined and versatile, relying on straightforward word substitution. However, there is room for improvement in both AI models to provide more sophisticated and tailored responses for information security policy creation.

Recently I bought a 4 bay NAS equipment to store movies and whatnot. Ater a few rounds of googling I found that the device has some features and apps that were added by the community such as Plex and CouchPotato available here.

Documentation is not the best out there, but I eventually discovered that the entware package is required for most of the enhancements that you may want to add to the thing, so install it first. Ok, onto the installation of the CouchPotato that would enable me download the movies I want according to my preferences. Uploaded the binary code and it says it did its thing, but the service never came up. Interesting.

Well, basic troubleshooting indicated that the service related to the CouchPotato was no up. Checked the default couchpotato port 5050 and there was nothing there. The PR4100 saves all new softwares that you add on to the first bay disk in a folder called “/shares/Volume_1/Nas_Prog”.  Great! Found the couchpotato folder and started looking around. There is a bunch of scripts in there. One in particular says “start.sh”. Tried to run it and BAM! the error appeared.

Python not found? What the hell? Let’s check where python is. I used the command “find” because there was no  “whereis” command in this thing.

Alright so there is a python 2.7 installed but the name is a bit different from what the script is calling. Ok then.. lets adjust the “start.sh” script to have the proper python name and location.

Changed the “PYTHON_DIR” and PYTHON variable to reflect the correct path and name of python.

Done.

Now the service should come up for you as it did for me!

Logstash is not the best system at letting one know what is wrong or why it is giving you errors. In my case, I have set a Elasticsearch index template to be pushed during the creation process and Logstash was giving me this error at initialization. Continue…

It was saturday afternoon and I was bored! I had just upgraded the family notebook with a new SSD hard drive and a more memory. It makes a great difference and I recommend you to do it as well, if you have a slow Intel I3 notebook around. While I was setting it up the idea of a calculating one´s crazyness hit me. Here it is.

Continue…

In my research I wanted to process each frame of a given video individually and also know some details about it. Here is the code I created to achieve it. The code in python will extract all the frames of the video and store it in a folder given as parameter. Im using OpenCV to get the video details and extract the frames and threads to do it quickly.

Continue…

While writing for my master I wrote a series of codes in python to achieve what I wanted, such asslicing the video in small frames, generate the hash for each image and compare the hamming distance of each hach. Here is the piece where I compare the two values and generate the hamming distance of it. Continue…

Author: Torres,A.; Demanboro A.C.

Abstract

With the event of the Internet, video and image files are widely shared and consumed by users from all over the world. Recent studies point out that one out of two internet users have engaged in activities classified as illicit. Unauthorized copy, distribution or publishing of digital content without the proper rights holder consent is what is commonly called piracy. Those that profit from digital piracy ignore the intellectual property laws and copyrights from the owners, programmers, distributors and many others that live and depend on the economic value of these assets. Methods to identify these files have emerged to preserve intellectual and commercial rights such as content-based identification techniques also known as perceptual hashing. With said techniques a unique identifier is generated making possible to compare two images or videos and decide if they are equal, similar or different. This article has as objective to discuss the application of content-based identification technologies as a method to fight piracy, presenting a framework where perceptual hashing can be used to prevent publishing and/or distribution of video content. The methodology proposed is to combine four types of perceptual hash (ahash, dhash, phash, whash) to make it possible to identify illegal videos with more accuracy. The results are encouraging, considering the most common forms of attacks.

Index Terms: Content-Based Identification, Piracy, Security, Intellectual Property

Continue…

Im working in a project where I have to simulate traffic to certain website sites. The solution had to be simple and while python would be the obvious choice bash was right there with wget to be used with less lines and libs than python.

Continue…

Was trying to read some Sflow in logstash and noticed that the plugin does not come installed by default. It brings netflow in its plugins but no Sflow.. on to install it.

Continue…

The phrase “Choose your love and Love your choice” was said in 2011 by Thomas S.Monson, it has to do with marriage and love and fidelity but it made much more sense to me this last days when I decided to move away from Iphone\iOS and go to Android. Then I paraphrased Thomas with the following: Choose your Ecosystem and love your choice.

Continue…