/g/ - Technology


Holy fucking CHRIST hackers have gotten good in the last week. My team is cracking. What the fuck is even happening?
>>
>>108777742
should've changed from password to passkeys
>>
>>108777742
cPanel?
>>
M Y T H O S
Y
T
H
O
S
>>
>>108778137
Very good saar
>>
>CHRIST hackers
? religion hackers
>>
>>108777742
>What the fuck is even happening?
The same thing that happens each time since the recent cybercrime Wave started— They found the premade glownigger backdoors.
The normalfag layer of software is genuinely pretty okay nowadays. It's the fact it's all backdoored to kingdom come that's raping us
>>
Turns out stochastic parrot next token predictors are better than humans at finding vulns
>>
>>108777742
Vibecoding
>>
>>108778231
Nah, stochastic parrot next token predictors are the ones introducing the vulnerabilities through their dogshit vibecoding.
>>
>>108778231
They are better at finding known vulnerability patterns for sure. Just like they are better than doctors at diagnosing rare conditions. Because they can pattern match and predict on loads more raw data at once than a human.

But that means they are also good at fixing them and finding mitigations. Copilot gave me a usable mitigation for this in about 30 seconds. Also recommendations to patch the kernel.
>>
>>108778297
just run ai in loop and keep fixing it and finding vulns until it "works" kek
>>
>>108778340
sure but you never know if those changes didn't add other problems, nor is vulnerability detection perfect. These are stochastic predictors not magic. Most of their dataset is average code.
>>
These kinds of problems are literally what LLMs are for, unironically.
>>
>>108778371
Each cycle just adds more bloat and more bugs.
Turns out nondeterministic tools always increase entropy. Shocker.
>>
>>108777742
>Holy fucking CHRIST hackers have gotten good in the last week.
I'm out of the loop. What has been going on?
>>
>>108777742
Glasswing.
>>
>>108778447
add another agent which debloats and fixes bugs lmao
>>
>>108778223
Is this next-generation cyberware accelerated by AI or is it just a bunch of companies reusing passwords and having insecure permissions again?
>>
>>108778498
You are a retard.
>>
>>108777742
another jeetful sales pitch
get a job you streetshitting parasite
>>
>>108778383
>sure but you never know if those changes didn't add other problems
For the mitigation, I know exactly what the tradeoffs are.
In this case, the exploit can be blocked by disabling user namespaces. This obviously means you can't use user namespaces which means rootless docker and various other sandbox type applications will have problems. So it might not be useful for random desktops or docker-heavy environments. But my servers don't use user namespaces so there's no immediate downside for me. In fact, they probably never should have been enabled in the first place.
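
A check for the mitigation described in the post above, as an added example that is not part of the thread: it classifies a host's user-namespace policy from the kernel's sysctl files and prints a drop-in that disables the feature. The function names and the optional sysctl-root argument are this example's own; `user.max_user_namespaces` and the Debian/Ubuntu-only `kernel.unprivileged_userns_clone` are the kernel's sysctls.

```shell
#!/bin/sh
# Added example: classify the user-namespace policy of a Linux host.
# The optional argument (sysctl tree root) is a convenience of this example so
# the function can be pointed at a constructed directory for testing.

userns_status() {
    root="${1:-/proc/sys}"
    max_file="$root/user/max_user_namespaces"
    clone_file="$root/kernel/unprivileged_userns_clone"

    # File absent: kernel built without CONFIG_USER_NS, or it predates this sysctl.
    if [ ! -r "$max_file" ]; then
        echo "unavailable"
        return 0
    fi

    # 0 means nobody, root included, can create a user namespace.
    if [ "$(cat "$max_file")" = "0" ]; then
        echo "disabled"
        return 0
    fi

    # Debian/Ubuntu-specific knob: 0 restricts creation to privileged users.
    if [ -r "$clone_file" ] && [ "$(cat "$clone_file")" = "0" ]; then
        echo "privileged-only"
        return 0
    fi

    echo "enabled"
}

# Contents for a sysctl.d drop-in that keeps the setting across reboots.
userns_dropin() {
    printf '%s\n' \
        "# Disable user namespaces (breaks rootless containers and userns sandboxes)" \
        "user.max_user_namespaces = 0"
}

echo "user namespaces on this host: $(userns_status)"
```

The drop-in text goes in a file under `/etc/sysctl.d/` and is applied with `sysctl --system`. A result of `enabled` on a server that runs no rootless containers or sandboxes is the case the post describes as safe to turn off.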
>>
>>108778479
People pointing gpt 5.5 and whatever number anthropic is up to at the Linux kernel to find non race condition LPEs. Copy fail, dirty frag, just massively improved dirtycow implementations.

Shinylapsus or whatever the fuck they are calling themselves these days continue to social engineer their way into orgs that should be resistant to it. Almost tangential to the huge deluge of exploits being found, but those kids are getting more and more and more access and there’s fuck all that can be done about it. No one can prevent their 4th/5th/nth party suppliers from selling their creds for 5k and fucking everyone downstream. It’s literally unsolvable
>>
>>108778534
"claude make me less retarded." Heh get fucked luddite i win
>>
>>108778568
the real ones aren't using the major models standalone, they've trained their own models using their lifetime of specific and very niche knowledge which is not available on the surface internet for the major models to suck up and train off.
>>
>>108778568
>Shinylapsus or whatever the fuck they are calling themselves these days continue to social engineer their way into orgs that should be resistant to it.
>No one can prevent their 4th/5th/nth party suppliers from selling their creds for 5k and fucking everyone downstream.
That's the problem. What's the deal with hype around AI discovering vulnerabilities that are exploitable in very specific circumstances (often post-authentication) when dead shit employees will just tell their password to everyone?

I feel like there's a disconnect for how people believe security breaches happen versus how they actually happen. How they actually happen is often because somebody directly or indirectly gave their credentials to a person they shouldn't have. The next one down is some retarded vulnerability that's exploitable by anyone who can write a curl request (think IDORs and shit like that). The really cool zero-days are often exploited by state actors, and they're often not burned breaking into lame ass companies. Especially since social engineering and conventional web app exploits work well enough.
>>
>>108778867
Yeah well I work for an org that has been targeted by state actors so I have to care about this.
And you might be surprised what kind of companies state actors will target.


