Today in InfoSec Job Security News:
Uncategorized
50
Posts
40
Posters
6
Views
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog so would you consider this mass accidents or a targeted supply-chain attack?
-
@da_667 @GossiTheDog I wish that juice actually existed...
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog Consistency: so important 😱
-
@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog sure, but it did that so much faster than a human could!
-
@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."
@da_667 @GossiTheDog I will create the viruses and then sell my antivirus product to protect you
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
So a supply chain attack or actually genuine commits (or a mix as camouflage?) 🤯
-
@GossiTheDog so would you consider this mass accidents or a targeted supply-chain attack?
@DJGummikuh @GossiTheDog The purpose of a system is what it does. IMO these are not accidents.
-
@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."
@GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.
-
@GossiTheDog sure, but it did that so much faster than a human could!
The LLM can fuck up your project much faster than human developers ever could.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
It's almost as if the language models are actually not intelligent at all.
Who would have thought!?
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog If only a significant number of security practitioners could have seen it coming and warned people.
-
@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."
@da_667 @GossiTheDog maybe it introduced them in the first place. Now its finding its own code.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog I like the part where people are using Claude to write CLAUDE.md to explain Claude about directory traversal.
Nothing in this supply chain could ever go wrong.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog It is interesting that these changes are attributed to a "user named Claude" and not to the "human using the agent named Claude". This is how diffusion of responsibility works, I guess.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog you're just jealous because it will cure cancer and fix climate change
-
@GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.
@da_667 @GossiTheDog There's not enough press on the downstream effects this stupid shit (tm) causes for any non-giant corp including those kids trying to build home labs to learn (like mine).
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@evan Years ago I was flying from CNF to GIG with a conference mate and CNF is a horrible airport in the middle of nowhere. My mate was the type of person who likes to arrive at the last minute and swore everything would be fine. It wasn’t, we missed the flight and had to wait for the next one, for like 5h - it would be impractical to go back to the city, etc.
This is to say: now I always make a point of arriving 3h early no matter what.
-
@Parolinventate
Non c'è di che... 🤭
-
@Nick44 io sto allenando la mia tolleranza.
-
@martijn knowing me, mine would get left on the train or get stuck somewhere.
-
@evan
Yes, but...- only when the original posts are public or quiet-public.
- with appropriate protections against "ai" scrapers and whatever other prevailing threats of the day.
-
@francina1909 ti capisco che sono nella stessa situazione: parli e sbagli, stai zitto e ti chiedono la tua solo per criticarla... Bisogna avere pazienza nella vita 🤦
-
...
...
Ugh FINE 🙄🙄
I'll rewatch Silicon Valley.
-
@francommit io conosco solo "whereever you will go" e ce l'ho nella playlist sullo smartphone
