-->

whaust

2025年7月18日 星期五

深偽技術現形:2024香港Deepfake詐騙事件分析與防範建議

深偽技術現形:2024香港Deepfake詐騙事件分析與防範建議
Picture from : HKCert

深偽技術現形:2024香港Deepfake詐騙事件分析與防範建議

一、事件發生經過

1. 技術公開與貼近應用

2024年3月11日,HKCERT 在官方博客發表「深度偽造:有圖未必有真相」文章,揭示 深偽技術(Deepfake) 結合深度學習與影音偽造技術的應用,已廣泛出現在換臉、仿聲等場景。

2. 犯罪事件實例

2024年2月,香港首次出現 Deepfake 詐騙案。不法分子利用 YouTube 取得公司高層影音素材,偽造視訊會議畫面,冒充高層向員工下達匯款指令,造成損失達數億港元。

二、影響範圍

1. 企業及金融損失

單次詐騙即導致公司損失超過 2 億港元。詐騙過程中會議快速結束,員工難以及時查證資訊真偽。

2. 個人與聲譽風險

Deepfake 可用於製作色情誘騙、假冒名人聲音、散播錯誤訊息,甚至生成不雅影片進行勒索。即便是一般民眾也有可能成為受害者。

3. 社會信任危機

當「有片不代表真實」成為常態,將嚴重動搖公眾對影音資訊的信任,進一步影響媒體素養、法律認定與社會共識。

三、補救與防範措施

1. 會議安全驗證

  • 核實會議邀請者身份與鏈接來源
  • 要求對方即時進行特定動作(如點頭、揮手)以確認為真人

2. 觀察影音特徵

  • 聲音與畫面不同步
  • 光影不自然、膚色不協調
  • 嘴型與語音不同步、眨眼頻率異常

3. 資料隱私保護

  • 避免公開過多臉部與聲紋數據
  • 不參與陌生視訊會議
  • 避免在未驗證會議中透露敏感資料

4. 使用防偽技術工具

  • 網站與媒體可加電子水印技術
  • 提升機構與個人對 Deepfake 識別工具的使用能力

5. 提升媒體素養與教育

  • 定期進行員工培訓
  • 採用多來源資訊進行交叉比對
  • 不盲目相信影音內容

四、參考連結

Black Belt Cisco AI Strategy Quiz - presales

 

https://partnerlearning.cisco.com/new/ui/learner/training/programs/1887546992813355363/certifications

Quiz 1

1. Why is monitoring AI system latency important?

Options:

  1. Ensure system fast timely response

  2. Identify when the system needs to be rebooted

  3. Reduce the volume of processed data

  4. Increase security levels

Correct Answer: Ensure system fast timely response 


2. Why is it important to have a scalable network infrastructure for AI?

Options:

  1. Support data-intensive processes and minimize latency

  2. Simplify management of user accounts

  3. Reduce internet costs

  4. Simplify maintenance

Correct Answer: Support data-intensive processes and minimize latency


3. Which programming languages are used most often in AI development?

Options:

  1. Python and Java for their flexibility and extensive libraries

  2. C++ and Assembly for high performance

  3. PHP and Ruby for web development

  4. HTML and CSS for user interfaces

Correct Answer: Python and Java for their flexibility and extensive libraries


4. How can customers reduce risks when implementing AI?

Options:

  1. Focusing on local regulatory requirements and ignoring norms of other regions to avoid instruction conflicts

  2. Limiting the use of AI to the minimum possible

  3. Developing and implementing a strict data management and AI usage policy

  4. Avoiding the use of cloud technologies

Correct Answer: Developing and implementing a strict data management and AI usage policy


5. What characterizes reinforcement learning?

Options:

  1. Learning based on rewards and punishments

  2. Using labeled data

  3. Analyzing unstructured data

  4. Used exclusively in games

Correct Answer: Learning based on rewards and punishments

6. What principle underlies expert systems operation?

Options:

  1. True – False. Evaluates the truthfulness of data based on databases

  2. If – Then. Follows a set of predefined rules.

  3. Do – While. Determines when to stop routine processes and requests expert assistance for finding solutions.

  4. Analysis – Redirection. Analyzes the question and redirects it to the expert in the database who specializes in the relevant topic.

Correct Answer: If – Then. Follows a set of predefined rules.


7. Where did the evolution of AI begin?

Options:

  1. With attempts to mimic human thinking

  2. With attempts to merge several programs into one

  3. As a byproduct of the development of neural networks

  4. With attempts to create a better internet distribution controller

Correct Answer: With attempts to mimic human thinking


8. Why is data processing and labeling important in AI development?

Options:

  1. Ensure the accuracy and relevance of training data

  2. Reduce the volume of stored data

  3. Accelerate network connections

  4. Simplify the user interface

Correct Answer: Ensure the accuracy and relevance of training data


9. How can AI help companies manage their IT infrastructure?

Options:

  1. AI provides basic support to IT staff without affecting infrastructure management.

  2. AI reduces maintenance costs for accounting by optimizing usage

  3. AI improves performance and ensures higher security

  4. IT infrastructure helps manage AI, not the other way around

Correct Answer: AI improves performance and ensures higher security


10. What ethical challenges are associated with the development of AGI?

Options:

  1. Creating autonomous military systems

  2. Enhancing production efficiency

  3. Managing impacts on employment and social justice

  4. Improving user interfaces

Correct Answer: Creating autonomous military systems


Quiz 2


Question 1

Which of the following AI technologies directly addresses behavioral analysis and proactive threat detection?
A. automated responses
B. coordinated responses
C. threat prioritization
D. machine learning

Answer: D. machine learning


Question 2

You are speaking with a customer who is looking on adopting AI infrastructure, however they are concerned about possible sensitive data leakage during AI model development. What solution will address their security concern?
A. Complexity; the appropriate solution is Cisco Hypershield.
B. Improper use of data; the appropriate solution is Cisco Hypershield.
C. Sensitive data leakage; the appropriate solution is data loss prevention.
D. Complexity; the appropriate solution is Cisco Identity Intelligence.

Answer: C. Sensitive data leakage; the appropriate solution is data loss prevention.


Question 3

What is a primary concern for customers that the Cisco Responsible AI Framework addresses?
A. Spiraling costs of AI-based technology solutions
B. Increased complexity of AI solutions
C. Collection and use of personal data
D. Logistics in retraining employees affected by AI

Answer: C. Collection and use of personal data


Question 4

What key feature benefits organizations when incorporating AI in networking solutions?
A. Manually configured software that AI corrects in real time
B. Uncovered human error at the expense of higher costs
C. Increased automated and streamlined operations
D. Improved tracking of network downtime

Answer: C. Increased automated and streamlined operations


Question 5

In a Webex meeting today, your supervisor gave you detailed instructions on your next assignment and how to accomplish it. Which of the following Webex features will be most helpful to you when you review the recording?
A. gesture recognition
B. virtual backgrounds
C. meeting summary
D. language translation

Answer: C. meeting summary


Question 6

In which way does Cisco’s partnership with Nutanix provide a more efficient AI deployment for its customers?
A. Flashstack for AI
B. A multicloud UCS-X powered multicloud, hyperconverged solution
C. Flexpod Datacenter for AI
D. Unicloud environment UCS-X powered unicloud, hyperconverged solution

Answer: B. A multicloud UCS-X powered multicloud, hyperconverged solution


Question 7

Identify two partner concerns that Cisco CX Cloud attempts to address. (Choose two.)
A. The increasing costs of technology due to the introduction of AI
B. The need to clearly define business outcomes
C. The continuous need of retraining professionals
D. The need to reduce the complexity of planning and integrating technology
E. The need to articulate AI benefits to prospective customers

Answer: B. The need to clearly define business outcomes
D. The need to reduce the complexity of planning and integrating technology


Question 8

What are three elements of the Cisco security strategy that mitigate potential threats across an organization’s attack surface?
A. Data loss prevention, Silicon One technology, GPU security
B. Zero trust, microsegmentation, data loss prevention
C. Data loss prevention, GPU security, RMDA technology
D. Data loss prevention, zero trust, InfiniBand

Answer: B. Zero trust, microsegmentation, data loss prevention


Question 9

A manufacturing firm is implementing an AI-based software solution to simulate their production environment with the goal of improved production efficiency and reduced time-to-market for new products. What is the term for this software-based solution?
A. Supply-chain optimization
B. Intelligent quality control
C. Key performance indicator monitoring
D. Digital twin environment

Answer: D. Digital twin environment


Question 10

What is the functionality that provides visibility across the customer’s entire technology landscape?
A. AppDynamics real-time performance monitoring
B. ThousandEyes end-user monitoring
C. Cisco Full-Stack Observability
D. Cisco Hypershield

Answer: C. Cisco Full-Stack Observability

2025年7月17日 星期四

AI+ChatGPT協助未成年人闖資安禁區:3日本少年駭入楽天伺服器

濫用人工智慧違反《日本不正存取禁止法》的案件示意圖

AI+ChatGPT協助未成年人闖資安禁區:3日本少年駭入楽天伺服器

1. 事件發生經過(發生時間)

  • 時段:2024年5月至8月間,3名年僅14~16歲少年利用非法方式取得他人帳號密碼,不當登入楽天モバイル伺服器,並擅自以他人名義開通電話通信線路,共計105條該公司線路被濫用(資料來源:asahi.com)。
  • 偵查與逮捕:警方偵查發現,這三名少年前後賣出約2,500條通信線路,販售金額約合日幣750萬(約新台幣150萬元),最終於2025年2月27日將三人依違反不正存取幫助法及電腦使用詐欺罪名逮捕,具體觸犯《禁止非法存取法》與《電腦詐欺罪》。

2. 影響範圍

  • 受害數量:共有至少11名使用者的帳號被盜用,合計被用於105條新線路申請,波及個人資訊安全。
  • 社群售賣規模:線路被非法售出給犯罪團體,再經轉賣獲利,造成加密資產市場受洗錢、詐騙資金流動等影響。
  • 社會負面效應:事件揭示少年涉入網路詐欺,濫用 AI 工具(如 ChatGPT)協助犯罪,引起各界對未成年人網路素養與監控的高度關注。

3. 補救防範措施

  • 強化身份驗證機制:推動雙重身份認證(2FA),尤其在遠端登入、開通通信線路情境下加強資料核對。
  • 監控 AI 工具濫用核查:通信業者應與科技部門合作,偵測並阻止透過 AI 模型(如 ChatGPT)生成犯罪行為腳本,找出異常登入與操作模式。
  • 提升資安教育與少年防範意識:加強校園與家庭資安宣導,告知未成年學子 AI 技術的倫理界限與風險。
  • 行政與法制配套完善:改進取證流程與少年司法制度,協助警方快速鎖定流程並追查加密貨幣交易資金流向。

4. 參考連結

👉 朝日新聞全文報導

2025年7月15日 星期二

AI 程式碼幻覺爆發!不存在的套件竟能滲透供應鏈

AI 程式碼幻覺爆發!不存在的套件竟能滲透供應鏈

AI 程式碼幻覺爆發!不存在的套件竟能滲透供應鏈

📌 1. 事件發生經過(發生時間)

2025年5月15日,發表報導指出,資安研究人員揭露大型語言模型(LLM)在生成程式碼時,會出現「幻覺套件」(package hallucination)現象。 這些由 AI 虛構出來的相依性並不存在於任何套件倉庫,卻可能被開發者誤信並引用,使供應鏈暴露於攻擊風險中。

🌐 2. 影響範圍

  • 開發者與專案:開發流程中出現錯誤相依性導致部署失敗或導入未知模組,增加 debug 與資安風險。
  • 軟體供應鏈:若攻擊者註冊與幻覺相符的套件,可能滲透自動部署流程,安裝惡意程式。
  • 企業信任與資安:使用 AI 工具開發的企業恐因誤信幻覺代碼而讓惡意程式滲入系統。
  • 整體 AI 生態:若無妥善控管,可能動搖產業對 AI 開發工具的信任基礎。

🛡️ 3. 補救防範措施

  • 驗證 AI 生成內容:使用套件驗證工具檢查依賴是否存在並可信。
  • 白名單與 Repository Pinning:限制只能安裝通過審核的套件,杜絕未知來源。
  • 強化程式碼審查流程:對 AI 輸出的每段程式碼進行人工審查與測試。
  • 限制自動引用權限:禁用 AI 自動加入相依性的功能,或以審核機制控管。
  • 建立監控警示系統:在 CI/CD 流程中加入幻覺檢測工具,自動封鎖未知依賴。

🔗 4. 參考連結

📣 延伸閱讀推薦


[解答] Black Belt - Business Critical Services (BCS) for Partners FY23

 


1️⃣ 單選題:Which of the following is not a component of Expert Care?

選項:
A. Incident Management
B. National
C. Problem Resolution
D. Problem Management

✅ 正確答案:B. National


2️⃣ 複選題:The construct and deliverables of Business Critical Services provide value to Cisco partners by empowering them to:

選項:
A. Grow
B. Warranty
C. Sell more, faster
D. Differentiate

✅ 正確答案:A. Grow、C. Sell more, faster、D. Differentiate


3️⃣ 單選題:Which service tier is best suited for existing Cisco customers who are seeking to reduce network costs while maintaining a minimum level of Cisco proactive support?

選項:
A. Essentials
B. Advantage
C. Premier

✅ 正確答案:A. Essentials


4️⃣ 複選題:Business Critical Services is focused on what phases of a customer's technology journey?

選項:
A. Implementation
B. Adoption
C. Optimization
D. Strategic Roadmap Development

✅ 正確答案:A. Implementation、B. Adoption、C. Optimization、D. Strategic Roadmap Development


5️⃣ 單選題:Which of the following is not a service tier?

選項:
A. Essentials
B. National
C. Advantage
D. Premier

✅ 正確答案:B. National


[解答] Cisco Blackbelt PX Cloud for Partners

1. 題目:I’m looking at the Customers tile. Where would I see a listing of all the Success Tracks contracts I have sold?Cisco+1Cisco+1

選項:

  1. Contracts tab

  2. Customer CX Cloud tab

  3. Visual filters

  4. 360 viewCisco DevNet+3Cisco+3思科社區+3思科社區+18Cisco+18思科社區+18

正確答案:

  1. Contracts tab
思科社區+1思科社區+1

解析: 在 PX Cloud 的 Customers 磁貼中,您可以透過「Contracts」標籤查看所有已銷售的 Success Tracks 合約。Cisco+2Cisco Blogs+2transform.cisco.com+2


2. 題目:I was planning to create a new ACC offer, but I’m not sure I remember the steps. Where would I find a step-by-step guide to help me?

選項:

  1. Getting Started drop-down on the Partner Offers tile

  2. Creating Offers link on the Customers tile

  3. Settings icon on the admin panel

  4. Visual filters on the Partner Offers tile

正確答案:

  1. Getting Started drop-down on the Partner Offers tile

解析: 在 PX Cloud 的 Partner Offers 磁貼中,透過「Getting Started」下拉選單,您可以找到創建 ACC 提供的逐步指南。Cisco+1Cisco+1


3. 題目:What is the main value of Visual Filters?Cisco

選項:

  1. Simple, graphical way to quickly sort a large list into a small one

  2. Easy way to change the appearance of the PX Cloud UI

  3. Quick, efficient way to communicate to the customer's CX Cloud

  4. Effective way to increase the visibility of PX Cloud

正確答案:

  1. Simple, graphical way to quickly sort a large list into a small one

解析: Visual Filters 提供簡單的圖形化方式,讓使用者能快速將大量資料篩選成較小的清單。


4. 題目:Which of the following is especially valuable information, available from the customer’s CX Cloud?Cisco

選項:

  1. Advisories related to the customer’s assets from the Customer tile.

  2. Training opportunities available from the customer’s Lifecycle tile.

  3. Important dates such as customer contact birthdays and anniversaries

  4. The partner’s user permissions and access level

正確答案:

  1. Advisories related to the customer’s assets from the Customer tile.

解析: CX Cloud 中的 Customer 磁貼提供與客戶資產相關的 Advisory 資訊,對合作夥伴而言,這是特別有價值的資訊。


5. 題目:Which of the following UI elements is used to drill into a piece of information for more detail?

選項:

  1. 360 view

  2. Visual filters

  3. Custom APIs

  4. Search function

正確答案:

  1. 360 view
video.cisco.com+2Cisco DevNet+2Cisco+2

解析: 在 PX Cloud 中,使用「360 view」可以深入了解某項資訊的詳細內容。


6. 題目:Using PX Cloud APIs to deliver a Known Issue Identification and Remediation service is an example of what type of PX Cloud API use case?

選項:

  1. Lifecycle Services

  2. Managed Services

  3. Proactive Network Management

  4. Software Image Management

正確答案:

  1. Proactive Network Management

解析: 利用 PX Cloud API 提供已知問題識別與修復服務屬於主動式網路管理的應用案例。


7. 題目:Why is the visibility to advisories related to customer assets so valuable to the partner?

選項:

  1. It enables the partner to be proactive by extending service offerings to the customer before an issue arises.

  2. It enables the partner to contact Cisco and bring in support.

  3. It enables the customer to contact the partner when a problem comes up.

  4. It enables the customer to see which of their assets might have a problem.

正確答案:

  1. It enables the partner to be proactive by extending service offerings to the customer before an issue arises.

解析: 透過了解與客戶資產相關的 Advisory 資訊,合作夥伴可以在問題發生前主動提供服務,提升客戶滿意度。


8. 題目:What is the goal of the Implement phase for partners’ journey with PX Cloud?

選項:

  1. Partners start using PX Cloud as a service offering marketplace and differentiator

  2. Validate customers are visible and tool is fully functional for all partner users

  3. Reconfirm business objectives and become familiar with PX Cloud

  4. Confirm PX Cloud essential to operations, creating new opportunities for portfolio extensibility increasing business value and customer relationship

正確答案:

  1. Validate customers are visible and tool is fully functional for all partner users

解析: 在 PX Cloud 的實施階段,目標是確保客戶資料可見,並確認工具對所有合作夥伴使用者完全功能正常。


9. 題目:How does the partner get access to their customer's CX Cloud data?

選項:

  1. The partner must request access through the PX Cloud using the Customers icon in the Admin settings

  2. All customer CX Cloud data is automatically accessible when PX Cloud is implemented

  3. The partner must create an API to connect their PX Cloud to the customer's CX Cloud

  4. Cisco provides an API to connect the PX Cloud to the customer's CX Cloud

正確答案:

  1. The partner must request access through the PX Cloud using the Customers icon in the Admin settings

解析: 合作夥伴需透過 PX Cloud 的管理設定中的「Customers」圖示,向客戶請求存取其 CX Cloud 資料。


10. 題目:Can any partner use the Partner Offers tile to create Accelerators and ATX?

選項:

  1. No. Only CX Specialized partners that have opted-in to Partner Lifecycle Services can do that.

  2. No. Only Premier level partners can do that.

  3. Yes. Any partner can create offers.

  4. Yes. The partner just needs to request CX Cloud access.

正確答案:

  1. No. Only CX Specialized partners that have opted-in to Partner Lifecycle Services can do that.

解析: 只有獲得 CX Specialized 認證並加入 Partner Lifecycle Services 的合作夥伴,才能在 PX Cloud 的 Partner Offers 磁貼中創建 Accelerators 和 ATX 服務。 

2025年7月14日 星期一

Cisco Blackbelt CX Test (Success Tracks)

 




1. What type of Cisco Specialization is required for partners to publish their own branded services engagements through PX Cloud?

選項:

  1. Collaboration Specialization

  2. Adoption Specialization

  3. Advanced Customer Experience Specialization

  4. Enterprise Networking Specialization

答案: 3


2. Which statements about Success Tracks are correct?

選項:

  1. Success Tracks are CX services and capabilities covering a customer's entire lifecycle journey.

  2. Success Tracks are multiple levels of experience in four focus areas: expert resources, trusted support, insights & analytics and contextual learning.

  3. Success Tracks offer a use-case guided services by architecture.

  4. All of the Above

答案: 4


3. What is one key differentiated customer deliverable within Level 2 of Success Tracks?

選項:

  1. Accelerators

  2. Ask the Experts

  3. Managed Services

  4. SNTC Portal

答案: 1


4. What are the main categories for partners to define and deliver their own offers based on the deliverables within Success Tracks?

選項:

  1. Ask the Experts

  2. Insights & Analytics

  3. Enterprise Agreement

  4. Accelerators

答案: 2、4


5. Cisco Success Tracks provide a _______ journey to help customers achieve value faster.

選項:

  1. Land and adopt

  2. Managed Services

  3. Solution architect

  4. Use-Case-Guided

答案: 4


6. What is the primary tool customers, who purchased Success Tracks, use to monitor their lifecycle progression, get telemetry based insights, and access to contextual learning?

選項:

  1. PX Cloud

  2. CX Cloud

  3. CCW

答案: 2


7. Cisco's CX Success Tracks Level 1 helps customers and partners improve their IT efficiencies with the following: Which statements about Level 1 are correct? (Select all that apply)

選項:

  1. Self-guided resources

  2. Customer accessibility through the CX Cloud

  3. Scope of Work (SOW) based services

  4. Managed Services

  5. Smart Net Total Care

答案: 1、2、5


8. What are the four main capabilities of Success Tracks designed to address customers business issues? (Select all that apply)

選項:

  1. Expert Resources

  2. Trusted Support

  3. Implementation Services

  4. Insights and analytics

  5. Contextual Learning

答案: 1、2、4、5


9. All levels of Success Tracks include Ask-The-Experts (ATX) that provide expert-led one-to-many interactive educational sessions.

選項:

  1. TRUE

  2. FALSE

答案: 2


10. Partners can build upon the CX Cloud to market their own services in combination with CX.

選項:

  1. TRUE

  2. FALSE

答案: 1

Popular