Jesse (00:00): RNZ's National Time for Tech. Tuesday I'm joined by Daniel Watson from Vertech IT Services, who picks a different topic each week and goes deep. And Dan joins me now. Hi Dan.
Daniel (00:11): Good Day Jesse.
Jesse (00:12): And you're talking about a bit of controversy in the art world this week.
Daniel (00:16): Oh yeah, quite. Yeah. The thing that came to mind was you, you've seen these computer generated images and they have been, well, just to describe them, the idea is that you can train artificial intelligence to put together an image and they have very powerful models and you can essentially give it a few keywords and the program will generate an image. Now, it's not like anything you're probably thinking of before, but it can produce some quite trippy dream scapes, although that might just be where people are going. But you can give it all sorts of words and it'll come up with some fantastical images. And because they're so well created in terms of digital high resolution, they are quite stunning images and people have been posting them into competitions and as their own art, which is kind of a bit unethical. But if also if it's creating images that people appreciate and consider to be beautiful or thought provoking, then it is art. It's just not art from the hands of a human.
Jesse (01:32): The people-
Daniel (01:32): Subtle distinction, I guess for-
Jesse (01:33): The people entering these contests, I think would say that they're being quite transparent about what they use them. They're not hiding the fact that they're using AI to create this art. But yeah, I think some of the other artists have been a bit like, Well, if I'm putting all this human effort and labor into my art and you are just typing a few words into an AI robot artist, then that's sort of apple's oranges, isn't it?
Daniel (01:59): Yeah. I just had a bit of a thought there. Wonder if there'll be such a thing as computer veganism. I shall not consume the art created by hands, which are not my own.
Jesse (02:08): Oh, right. Yeah. Interesting.
Daniel (02:11): We'll coin that.
Jesse (02:13): Yeah. And they've also made the point that, look, what's the difference between using this as a digital tool and other photographers who are using, say, Photoshop or other digital tools, just this one happens to be more powerful. But I think there is a extension. Yeah. I mean think, but obviously these competitions will have to start having different categories for people who are using AI. Surely,
Daniel (02:40): Because there are people who do spend a lot of time and effort in creating digital art. And I've seen a few of those and they are quite impressive. And it is in any kind of art where there is skill that goes into it is worth appreciating. Maybe there's some kind of intersection here with NFTs where you can get a premium for having it human generated rather than algorithmically.
Jesse (03:02): Yeah. Because competition aside, I think artists probably or have said that they are worried that they might be put out of a job if a computer can create something as beautiful as a human artist can create. I mean that's digitization of roles has been a problem in all sorts of industries, just never art before.
Daniel (03:23): I don't think it's much of a self to their conscious that the art of a computer generated artificial intelligence is unlikely to increase with the value after they die if the power supply goes out on the server. Simply the same.
Jesse (03:39): Is it reminds me of the conversation that they were having about actors maybe 10 years ago, that if they can digitally create actors for movies, what's the point in having Hollywood super stars? Although that doesn't seem to have happened. Really does.
Daniel (03:52): Oh, was it James Earl Jones, the voice of Darth Vader? Yeah. He's just a recently announced he's retiring and the voice of Darth Vader and what's going to be endless sequels after this is going to be artificially generated. Yeah, well there we go. So we are entering a whole new phase of art and into the future, but I guess we'll see what the consequences of this will be playing out.
Jesse (04:19):Meanwhile, Dan, you've noticed a couple of big hacks going on. Tell us about these.
Daniel (04:24): Yeah, yeah. So just in the last couple of weeks is there was the Uber hack and the Optus hack, and I thought the Uber hack was worth mentioning, right? Because what it was, it was a social engineering attack against one of the staff members of Uber. And in order to get into their, their VPN, the remote access into the Uber's computer systems, which most a lot of people who are working remotely will be familiar with that idea. And you, they're going, well, didn't they have two factor authentication on it. Well the answer is they did. The thing is that there is now what appears to be a new common way of defeating some two factor authentication methods is this is a model known as MFA fatigue, right? So if you're logging into a system and in order to get the second factor besides the user name password, they send you a push notification, right?
Jesse (05:21): Yes. A lot of people listening will have that. If I log into one of my email accounts on a computer, I'll get a little prompt on my phone saying, Is this you and I could yes or no?
Daniel (05:32): Yeah. Yeah, that's right. And if it's you, generally it's not. So apparently the target of employee was spammed with these constantly for over an hour, right? So if your computer is bugging you constantly or your phone is bugging you with the thing, sooner or later, somebody who's just going to go accept Yeah, it must be some problem with IT.
Jesse (05:55): Ah, Yeah. Trying to make it go away
Daniel (05:57): And then they're in. Yeah. And then once they're in, there was additional things that made it way too easy for them to get into administrator rights within the system. I won't go into those, but that's probably the key thing. And what do you do if you're in that situation? Well, the answer is not nothing. And the answer is not click accept. Right. The answer is talk to your IT people and letting them know that this is happening to you right now. Right. Because that is indication that they need to do something about it. Or they can go, right, okay, we're just going to block road access to your account until we can sort this out or something. But I just wanted to flag that up because it's worth putting that out to people so they're aware that this is a way that they can be socially engineered and to give in the hacker of what they want.
Jesse (06:45): And I don't find that hard to believe at all. We've got software on our systems here at RNZ that you'll open up Outlook and it'll ask you a question that you don't really understand and so you click no and it pops up again. So you click no, no, no. Obviously no's the wrong answer. I better try Yes instead. Not really hard how that might have happened.
Daniel (07:05): Yeah. Yeah. So it's quite understandable. And so we can't get, It's not because of somebody were being stupid or negligent, hardly ever the case usually is the case that you just find yourself in the wrong position at the wrong time, the wrong kind of mood and it's too much to deal with. So just get out of my hair, make it gone. Whereas what I just want to reinforce message piece, contact your IT people and let know what's happening because it's better to act than not to act. And even if it's a nearness, that is useful information for your security team to go there's a point of data that we can use for thinking about how can we make this more secure next time?
Jesse (07:43): And not to expose the inner workings of the RNZ tech team. But if I send something to the help desk and it says, Your thing has been logged, we'll get back to you within whatever, Is there likely to be someone there who's looking out for an urgent one, the one that you are talking about versus just Jesse, would you know, like to change his task bar to add something in something which is non-urgent? Are they filtered at all?
Daniel (08:08): Look, I think in most situations where most service desks, if it's urgent and generally anything to do a security, I'd consider urgent for urgent attention, the best thing you can do is pick up the phone and actually call them and say, Hey, hey, hey, hey, hey, I need help. Because it could be time sensitive. You may have already clicked on something and now you're hoping to wind it back and then the clocks, the clock starts ticking from the moment you've clicked it. So sending an email generally will be treated as less urgent by most. IT help desks out there if you can. If they've got a telephone number, give them a bell. You can always send them an email with a screenshot later, fine. But if, pick up the phone and start talking to your tech team as soon as you can.
Jesse (08:55): Great. I just have to work out how the phones work. Thanks very much, Dan. Nice to talk to you. Really appreciate it. That's Daniel Watson from Vertech IT Services with our fortnightly Tech Tuesday.
Have you had a security incident in the past and you have a nagging feeling that not much has changed to prevent it happening again?
See our cybersecurity services
Explore our co-managed IT services
Need help with process optimization?
Join our systems coaching