We don't need Skynet becoming sentient to trigger the End o' Days.
We got Claude, happily vibing/making 2.1M commits while we were asleep.
@funnymonkey @GossiTheDog Insert Mickey Mouse as the Sorcerer's Apprentice, and all those animated mops carrying pails of water...
-
@carpetbomberz @funnymonkey @GossiTheDog
this. Exactly this.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there's over 2m of them and it's about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog That #claude #AI has been created to solve the "we have too much electricity" problem.
-
@GossiTheDog It's almost like, maybe, only humans should program computers. Computers should not be submitting and merging their own PRs, am I right ?
-
@GossiTheDog "AI" is the cryptocurrency of IT.
-
@GossiTheDog https://github.com/claude right now showing "Something went wrong, please refresh the page to try again." Yeah, dude.
-
@GossiTheDog i keep waiting for a scandal to break out about this, but it never comes
-
Makes me wonder if this is an effort by "closed source" to disrupt/poison/discredit open source?
-
@nihkeys @DJGummikuh @GossiTheDog I don't think that phrase allows for incompetency in design. The purpose is what was intended, not what actually results. There is a distinction.
@draeath @nihkeys @DJGummikuh @GossiTheDog If it was an accident, or incompetence, then it would be rapidly corrected.
If it's not rapidly corrected, then it is the purpose.
-
@GossiTheDog @deliberately_me oh goodie. Our global repository has been compromised by a worm.
-
@GossiTheDog loltears. ie. fools suffer consequences of being fools, but at scale
-
@GossiTheDog Fortunately, I can choose to not engage.
-
@GossiTheDog I think @timbray might be interested in that too.
-
@GossiTheDog Not just bad vibes, but the *same* bad vibes repeated endlessly!
-
@c64whiz @GossiTheDog
This was honestly my first thought. The vast majority of the tv-news-watching public barely understands computers as it is, through no real fault of their own, as they have been spoonfed "magic and mystery" since the dialup days.
The distinction of "open source = MORE dangerous than big company software" would be very easy for a front of united major media outlets owned by a handful rich folks to spread and most people will not be equipped to tell facts from misinformation.
How well have those open source legal protections been working against the "smart TV" industry? I'd bet every TV holding shelf I hit at Wal-Mart will be stocked with misappropriated GPL code and no source distribution.
This is the same tactic major corps use to obtain IP for themselves.
Lock up the originator in tedious, costly busywork (typically legal, claiming infringement to start a costly time-consuming trial, for most corps) and then when the originator can't handle it and collapse under the weight of it all, the corps take the product as their own.
Tying up repos with vulnerabilities that might not get noticed just might work out well for the major software outfits in the long run.
It's reprehensible and a little more haphazard, but it sure looks awfully familiar.
-
@GossiTheDog
Aaaahhh!
Who is giving clankers commit privileges to their repositories? Seems like an obvious failure of project management.
-
@GossiTheDog This was literally the first major security mistake I made in my early days as a Perl developer and I don't imagine it's that uncommon. Claude has probably been trained with a truckload of code with these vulnerabilities.
That's okay because we run everything in single-purpose Docker containers now though, right? /s
I keep pointing out to my coworkers that these clankers are trained on StackOverflow posts that contain code examples followed by "here's what I wrote, why doesn't it work?"
-
This is just starting to sound like a cyber attack.
-
@GossiTheDog This kind of basic stuff is easily caught by any free static analysis tool. There's no excuse to not be running one in one's repo, vibe-coded or not.
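The "../.." bug class the original post describes, and the kind of check a static analyser or a reviewer is looking for, as an added example that is not code from the thread, from the unnamed framework, or from any Claude commit. It puts the vulnerable file-resolution pattern beside a hardened one and runs both over a handful of constructed request paths. The document root, the function names and the sample requests are all assumptions for illustration; the resolvers work on path strings only, so on a real filesystem you would additionally resolve symlinks with os.path.realpath before the containment check.

```python
"""Path traversal ("../..") in a static-file resolver: the bug pattern beside
a hardened version, plus a small triage over constructed sample requests.
Added example; not the code of the framework discussed in the thread."""
import posixpath
from typing import Optional
from urllib.parse import unquote

DOC_ROOT = "/srv/app/static"  # assumed document root, for illustration only


def resolve_vulnerable(user_path: str) -> str:
    """The bug pattern: request path is decoded and joined onto the root with
    no containment check. '../..' walks out of DOC_ROOT, and an absolute
    request path replaces the root outright (posixpath.join semantics)."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, unquote(user_path)))


def resolve_hardened(user_path: str) -> Optional[str]:
    """Decode once, reject dangerous bytes, normalise, then verify the result
    is still inside DOC_ROOT. Returns None (caller should answer 404) for
    anything that escapes."""
    decoded = unquote(user_path)
    # Embedded NUL or backslash: some layers treat these as terminators or
    # separators and others do not, so refuse rather than guess.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Strip a leading '/' so an absolute request path cannot discard the root,
    # then let normpath collapse '.', '..' and duplicate slashes.
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    # Containment check on the normalised path: commonpath rejects both
    # '/etc/passwd' and prefix tricks such as '/srv/app/static2/x'.
    if posixpath.commonpath([DOC_ROOT, candidate]) != DOC_ROOT:
        return None
    return candidate


def escapes_root(user_path: str) -> bool:
    """True if the vulnerable resolver would serve a file outside DOC_ROOT."""
    resolved = resolve_vulnerable(user_path)
    return posixpath.commonpath([DOC_ROOT, resolved]) != DOC_ROOT


# Constructed sample requests (not taken from any real log or repository).
SAMPLE_REQUESTS = [
    "css/app.css",                          # legitimate
    "/css/../css/app.css",                  # legitimate, needs normalising
    "../../../etc/passwd",                  # classic traversal
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",      # same, percent-encoded
    "/etc/passwd",                          # absolute path replaces the root
    "..%00.txt",                            # NUL byte, refused outright
]


def triage(requests=SAMPLE_REQUESTS):
    """Map each request to (escapes under vulnerable resolver, hardened result)."""
    return {r: (escapes_root(r), resolve_hardened(r)) for r in requests}


if __name__ == "__main__":
    for req, (escapes, hardened) in triage().items():
        print(f"{req!r:40} vulnerable_escapes={escapes!s:5} hardened={hardened}")
```

Run stand-alone it prints, for each sample request, whether the vulnerable resolver would leave the document root and what the hardened resolver returns; the two traversal variants and the absolute path escape under the first and are refused or re-rooted by the second. Note that the hardened version only decodes once on purpose: a double-encoded "%252e%252e" stays a literal directory name under DOC_ROOT and simply fails to exist, which is the safe outcome.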
-
@da_667 @GossiTheDog I wish that juice actually existed...
@Drat @da_667 @GossiTheDog It does. In the form I was really fond of it's $50 per 750 ml and makes you say stupid shit like, "GASP...that's really smooth...." and then shove your head up your ass.
But I'm actually sick to death of that kind of oblivion. The shit I have to unsee just keeps adding up as does the shame of letting shit pass by unopposed.