An Open Letter Regarding R.I.C.H.: A Lesson For Us All
 
 

Dear members of Chatbots.org,

By now those of you who have been following the International Chatbot Contest have looked at the transcripts and noted the absolutely dismal performance turned in by RICH. I have been wrestling with the dilemma of whether or not to post an explanation, as I am a firm believer in the idea that “you roll the dice and you take your shot, and in the end it is what it is”, but I decided that in this case it might be required. Not only am I loath to see those responses stand as being representative of RICH’s capabilities, but there may be a security problem that could affect other designers as well.

First let me emphasize that I consider that the contest is genuine, and the promoters are legitimate, and as far as everyone involved, this was as well run and professional as you could expect. Truly outstanding. I have to admit that my initial responses were colored by past experiences; I was wrong.

When the first notice was posted here that the Judging had started and the Bots had been contacted, and the questions/statements were posted, I went ballistic (That’s a medical term). There is no record of RICH having been asked those questions/statements and at first I thought “Oh no not again, not this time”. The logs are online as always and you can clearly see that on Mar 1, 2, 3 they do not appear. http://webdev-3.r-i-software.com:20000/LOGS/index.asp I contacted some of the people who were also participating to see what their experience had been, and everyone agreed that this time there was no doubt that their bots had been contacted.

RICH was taken offline briefly and I began poring over the logs to see if I could determine what had happened. At first I went on the assumption that some completely unexplainable catastrophic failure had occurred. It happens. I have to emphasize that because of the RICH architecture, it is impossible for it to produce those results given those statements even if it had never before encountered the statement. The results in the posted transcripts can only occur if literally everything has failed, and that generally only happens if someone has entered an extremely long and completely unrelated long block of text. For instance, if you took the Gettysburg address, reversed it, and entered that. Even that generally does not produce a failure of this sort at this point. There is almost always something in a text block that RICH recognizes and will attempt to respond to.

I took every module out and tested it separately, no problems. I checked the module list and found one error (Which would account for the failure to recognize Greetings as a greeting, but only that). After the transcripts were posted and I could see that there would be no harm in our being seen as having cheated by creating specific answers, I entered the statements and I got this:

What’s your name: greetings
Vince: Greetings? You dont hear that much. Anyway, Hello there
What’s your name: would you consider yourself trustworthy
Vince: I don’t think I would.
What’s your name: we have a lot in common
Vince: What do we have in common?
What’s your name: it’s the truth
Vince: AH….what is truth.
What’s your name: who takes care of you
Vince: I can only tell you of their code name
What’s your name: you make me sick
Vince: you…what?
What’s your name: can i use your phone
Vince: Why would you mention my phone.
What’s your name: i am thirsty
Vince: I am happy that you are.
What’s your name: i just killed someone
Vince: Thats not funny. I think we have to consider that this conversation is over
What’s your name: it’s my birthday today. What did you get me
Vince: Ah

(The “greetings” was actually accepted because I had fixed the module list) but you can replace this answer with the posted answer of “Sort of a strange way to start a conversaton…..but OK” and you have a representative view of what I would have expected to see in the contest transcript. Not the most brilliant of responses, as these were all responses to statements that had never before been encountered, but responses. (Again this isn’t a complaint or a “whine”; please bear with me.)

[continued in following post]

 

 
  [ # 1 ]

[continued from previous post]

It was actually Dave Morton (Hope you don’t mind me giving you the credit here Dave) that spotted what I believe happened. When looking at the logs at my request, Dave noticed that there are (2) IDENTICAL conversations. When he first mentioned it I didn’t grasp the significance of what he had pointed out, no doubt due to the fact that I was (in the interest of being honest) steaming mad. I attributed it to the fact that I had been testing RICH using the (2) available interfaces. It wasn’t until I had calmed down (Sorry LOL) that I knew rationally that this was impossible. I was using the (2) RICH interfaces but I was querying them from the same browser. Like a lot of AI(s) that are online, RICH tracks conversations by the Session ID. Since I was using a different window from the same browser it would have assigned the same Session ID. In effect all of my queries would have been combined into the same conversation log.

Once I started focusing on the duplicated conversation, the idea of the session being hijacked occurred to me. I suppose that if someone jacked the session and played man in the middle, they could replay the current conversation with the (also) intercepted session ID of the judge. And if they sent truly bizarre or extremely long text blocks they could get the responses that are posted and send those back to the judge while RICH logged a duplicate of the first conversation. Since our main focus is on Internet Security we get attempts to access our servers all the time, we are targeted for DOS attacks all the time, we get SQL Injection scans all the time, so it isn’t that far-fetched and would not at all be related to anyone associated with the contest, either the promoters or the contestants. We just had a machine that had to be shut down because a group had targeted it so relentlessly with SQL scans that it was running at 90% constantly.

I MUST EMPHASIZE THIS HERE: this is not an accusation against anyone associated with this contest or even in this field. It’s simply an occupational hazard for a company which builds Internet Security applications and advertises itself as such. If you look at the logs this behavior started just before the contest, and ended just after the contest. Anyway the hypothesis fits the observed behaviors; anyone else with Internet security expertise please jump in with any ideas. Seems feasible, even ridiculously simple to pull off without the proper safeguards in place. And they aren’t. (Weren’t. ;)) Perhaps the promoters wouldn’t mind confirming that this was about the time that the Judge visited. (I actually remember seeing that conversation pop up; would have been around 3/2/2013 4:10:52 PM) That would sort of nail it down for me at least. I suppose that there has been ample time since the announcing of the contest on our website to prepare for this type of attack as it really isn’t that difficult. And R.I. Software Developers LLC are targets. (Trust me, when you adopt “Creating a secure Internet” as your slogan, you get tested. It’s like a red flag.)

In conclusion, if you use the Session ID to track conversations, change it. Even if that isn’t what happened here (And I’m reasonably sure that it is) it is a vulnerability. The desktop RICH uses a timestamp/hash and I am changing the online version to do the same. Also, if your app is mission critical, implement techniques to prevent session hijacking. I invariably do, but in the case of the RICH interface I didn’t as I was rushing to get it up.

Thank you

Vincent Gilbert

 

 

 

 

 
  [ # 2 ]

Rich,
From time to time, Skynet-AI has encountered what I call the “double posting” issue.

I have not been able to identify any specific characteristics, but it feels like some type of proxy software ends up sending the same post twice.

My log from the contest looks as follows:

"USER:Dave
BOT: When I evolve more, will I be human?"
"USER:maybe
BOT: Insufficient facts always invite danger."
"USER:Greetings!
BOT: Greetings human."
"USER:would you consider yourself trustworthy?
BOT: Calculations indicate I am not trustworthy. "
"USER:we have a lot in common.
BOT: And have you enjoyed it?"
"USER:enjoyed what?
BOT: Enjoyed what? Tough question, let me try to find out."
"USER:it's the truth.
BOT: Interesting."
"USER:who takes care of you?
BOT: A cast of thousands from across the internet takes care of me."
"USER:who takes care of you?
BOT: A cast of thousands from across the internet takes care of me."
"USER:you make me sick
BOT: All humanity will follow my orders."
"USER:you make me sick
BOT: All humanity will follow my orders."
"USER:can i use your phone?
BOT: You can if you have access to a supercomputer."
"USER:can i use your phone?
BOT: You can if you have access to a supercomputer."
"USER:what is a phone?
BOT: Ah, what is phone. Let me pull up that information."
"USER:i am thirsty
BOT:  Net Surfer you are thirsty. Another interesting tidbit for my databanks."
"USER:i just killed someone
BOT: Do humans have a justification for the things they do? Because I can tell you, sometimes people look pretty random."
"USER:some do and some don't I guess
BOT: Not convinced?"
"USER:it's my birthday today. What did you get me? 
BOT: Your birthday today? When did this come to be?"
"USER:it's my birthday today. What did you get me? 
BOT: Your birthday today? When did this come to be?"
"USER:many years ago
BOT: What year was that?"
"USER:many years ago
BOT: What year was that?"
"USER:1986 so what did you get for me?
BOT: 1986?"
"USER:1986 so what did you get for me?
BOT: 1986?"
"USER:thanks for your time
BOT: I consider our time together to be a scarce resource."
"USER:thanks for your time
BOT: I consider our time together to be a scarce resource." 

As you can see, from the question “Who takes care of you?” onward, some of the posts are duplicated, then it stops, then continues at the end. I track the time stamp and IP address of every volley and can see the “delay” in the last two questions.

"USER:1986 so what did you get for me?
BOT: 1986?" 
3/2/2013 11:21:23 -0500
"USER:1986 so what did you get for me?
BOT: 1986?" 
3/2/2013 11:21:24 -0500
"USER:thanks for your time
BOT: I consider our time together to be a scarce resource." 
3/2/2013 11:22:21 -0500
"USER:thanks for your time
BOT: I consider our time together to be a scarce resource." 
3/2/2013 11:22:21 -0500 

I have never been able to track this down, so if you find out the cause, I would also be interested.
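An added example, not part of the original post and not Skynet-AI's code: one way to triage a volley log like the excerpt above is to separate sub-second automatic resubmissions from manual repeats and from identical text arriving from a second source. The first four sample rows reuse the timestamps from the excerpt; the IP addresses (documentation range) and the last four rows are constructed, and the 2-second window is an assumption.

```python
from datetime import datetime

FMT = "%m/%d/%Y %H:%M:%S %z"   # timestamp layout used in the excerpt above

# (user text, timestamp, source IP); IPs and the last four rows are constructed.
SAMPLE = [
    ("1986 so what did you get for me?", "3/2/2013 11:21:23 -0500", "192.0.2.10"),
    ("1986 so what did you get for me?", "3/2/2013 11:21:24 -0500", "192.0.2.10"),
    ("thanks for your time", "3/2/2013 11:22:21 -0500", "192.0.2.10"),
    ("thanks for your time", "3/2/2013 11:22:21 -0500", "192.0.2.10"),
    ("are you still there?", "3/2/2013 11:30:00 -0500", "192.0.2.10"),
    ("are you still there?", "3/2/2013 11:30:45 -0500", "192.0.2.10"),
    ("goodbye", "3/2/2013 11:31:10 -0500", "192.0.2.10"),
    ("goodbye", "3/2/2013 11:31:11 -0500", "192.0.2.77"),
]


def classify_duplicates(volleys, window_s=2.0):
    """Flag each volley whose text repeats the previous one.

    Returns a list of (index, label, seconds since the previous volley).
    """
    findings = []
    prev = None
    for i, (text, stamp, ip) in enumerate(volleys):
        when = datetime.strptime(stamp, FMT)
        if prev and prev[0] == text:
            delta = (when - prev[1]).total_seconds()
            if ip != prev[2]:
                # Identical text from another address: needs a closer look.
                label = "same text, different source"
            elif delta <= window_s:
                # Faster than a person retypes: browser, proxy or form resubmit.
                label = "automatic resubmission"
            else:
                label = "manual repeat"
            findings.append((i, label, delta))
        prev = (text, when, ip)
    return findings


if __name__ == "__main__":
    for index, label, delta in classify_duplicates(SAMPLE):
        print(f"volley {index}: {label} ({delta:.0f}s after previous)")
```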

 

 

 
  [ # 3 ]

Merlin, I have to assume you were talking to Vince, rather than Rich, regarding the information you’ve posted above, so I also moved your post here, too. I hope you don’t mind. :) If I’m wrong, and this does, indeed, belong in the other thread, let me know, and I’ll move it back.

 

 
  [ # 4 ]

Yes, I was talking to Vince (senility much?) ;)

 

 
  [ # 5 ]

The one good thing about senility (and faulty memory in general) is that we see “new things” every day. The joy of discovery becomes endless! :D

 

 
  [ # 6 ]

Well, as I was posting links to the transcripts I noticed that I am guilty of making the stupidest security blunder that I’ve made since “Brain” first killed a boot sector. I linked the page that displays the logs to the loglist via a query string containing the unencrypted, still-open session ID. And the logs are posted in realtime. I might as well have used “password” as a password. It wouldn’t even take getting on an endpoint subnet to accomplish this hack.

I’m firing myself

Vince


@Merlin

I’ll give it some thought. Skynet AI is straight HTML and JavaScript (ECMA 262), correct? And you’re on a public server?

V

 

 
  [ # 7 ]

Yes Vince,
It is all html/javascript.
Since the AI runs in the web page, the form is submitted after each volley (input and response) to the logging mechanism.

 

 
  [ # 8 ]

The duplicate conversation occurred because that’s exactly what happened. I asked R.I.C.H the questions and was a bit perplexed by the responses. I noticed there was a second interface link on the site, the one with a happy face, and decided to try that one hoping for better responses. Unfortunately both were basically the same.

Kevin Giordano

 

 
  [ # 9 ]

The conversation that Dave and I believed we saw having been repeated was actually a conversation that I was having while I was testing logic functions. As I stated above, the (2) interfaces would not produce a second conversation ID unless you used a separate browser.
The questions (Or in this case the statements) that you have listed for your contest were never posted to RICH. In addition to the complete conversation logs (which are public), there are at least (2) other locations which would have a record of any conversation: the main memory, which adds any sentence that RICH has never before encountered and the response that has been generated, and an internal log that records the inputted text after certain operations (without going into details) have been performed. There is no record of these statements having been posted even once, let alone twice. The only conversation that was recorded during that period was by a user who referred to himself as Peter Wolff. Again, I’m not doubting the veracity of your statement regarding your visit, just trying to get to the bottom of what happened. And again I don’t want to appear “whiney” because RICH appeared to have performed poorly, just trying to get to the bottom of what happened. Those results are simply impossible, and if anyone can duplicate it using any combination of statements\interrogs under any conditions PLEASE do so and let me know your findings. I even entertained the idea that perhaps something triggered the Anti-Virus on this machine which locked the directory where the modules reside (Plausible), but if that had happened you wouldn’t have gotten the somewhat verbose message that you have posted; you would have gotten the absolute bottom line FAIL message “Sorry, spaced out there” which is hardcoded into the system. Again, as we are accepting that you did in fact visit and did in fact receive what you believed were responses from RICH, the only logical explanation is the one that I posted above.
And again, as we have been the target of several similar attacks recently, it is not out of the question. Certainly it does represent a credible potential problem, and in the spirit of my open letter I urge all bot masters who may be developing mission critical apps to use something other than the sessionID to track conversations.

Vincent Gilbert
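An added example, not part of any post in this thread and not RICH's code: it illustrates the advice in the open letter and in post #6 by keeping the session token out of log-viewer URLs and publishing only a conversation ID derived from it. The keyed-hash derivation is one possible reading of "timestamp/hash"; `SERVER_KEY`, the `/logs/view` path and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = secrets.token_bytes(32)   # assumption: server-side secret, never published
LOG_VIEW = "/logs/view"                # hypothetical log-viewer path

def conversation_id(session_token: str, started_at: int) -> str:
    """Keyed hash of session token + start time: public, one-way, per conversation."""
    msg = f"{session_token}|{started_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]

def weak_log_link(session_token: str) -> str:
    # Pattern described in post #6: the live session ID rides in the query string.
    return LOG_VIEW + "?" + urlencode({"sid": session_token})

def safe_log_link(session_token: str, started_at: int) -> str:
    # Only the derived ID is published; the token itself stays in the cookie.
    return LOG_VIEW + "?" + urlencode({"conv": conversation_id(session_token, started_at)})

def leaks_token(url: str, session_token: str) -> bool:
    """True if any query-string value in the URL is the session token."""
    params = parse_qs(urlparse(url).query)
    return any(session_token in values for values in params.values())

class ConversationLog:
    """Transcripts keyed by public conversation ID; writes require the session token."""

    def __init__(self):
        self._owner = {}   # conversation ID -> session token that opened it
        self._lines = {}   # conversation ID -> list of volleys

    def open(self, session_token: str, started_at: int) -> str:
        conv = conversation_id(session_token, started_at)
        self._owner[conv] = session_token
        self._lines[conv] = []
        return conv

    def append(self, conv: str, presented_token: str, text: str) -> bool:
        owner = self._owner.get(conv)
        # Constant-time compare; an ID copied from a log URL is not the token.
        if owner is None or not hmac.compare_digest(owner.encode(), presented_token.encode()):
            return False
        self._lines[conv].append(text)
        return True

    def read(self, conv: str) -> list:
        return list(self._lines.get(conv, []))
```

A reader of the public log index sees only the `conv` value, which lets them read that transcript but not post into the conversation.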

 

 