Today in InfoSec Job Security News:
Uncategorized
153
Posts
118
Posters
15
Views
-
@GossiTheDog I guess the AI security scanners will clean this up with their automated scan and CVE requests.</joke>
@hughsie @GossiTheDog It’s the circle of life. Extra points if the fix has new vulnerabilities in it!
-
@nihkeys @DJGummikuh @GossiTheDog I don't think that phrase allows for incompetency in design. The purpose is what was intended, not what actually results. There is a distinction.
@draeath @nihkeys @DJGummikuh @GossiTheDog not if you want to understand the system.
https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does -
@GossiTheDog I became used to checking projects I am checking out for claude (etc) in the source files and commits really fast
@spinnyspinlock@infosec.exchange @GossiTheDog@cyberplace.social If github lists claude (or other LLMs) as one of the top contributors I consider that a red flag
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog which framework?
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog I feel sorry for all the persons named Claude https://github.com/search?q=claude&type=commits
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog this happens when people don’t care nor use AI responsibly… we have to do proper reviews EVERY SINGLE TIME
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog but... Do these repositories all not have any review processes for their PRs?
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog
So just make a bot that goes around behind claude and files a vuln bug and lists the revert as the fix. -
@GossiTheDog
So just make a bot that goes around behind claude and files a vuln bug and lists the revert as the fix.@GossiTheDog
Nvm these are commits, not prs. -
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
Is there a cwe (common weakness enumeration) for AI slop usage already?
-
@da_667 @GossiTheDog took me a while but I finally thought of something :
Who says AI hasn't generated any real value? It's doing wonders for the threat actors
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog I'm anti-AI. I used program generators long ago - they didn't work. They aren't maintainable. Major updates required complete rewrites.
Now there's AI. It's a manager's wet dream...until it isn't.
...but look how productive AI is. It can whip out code as fast as a gossip can spread noise. Sure, there will be glitches, but they'll be fixed when found.
What about the $$$$$ liability of glitches that are not found?
-
We don't need Skynet becoming sentient to trigger the End o' Days.
We got Claude, happily vibing/making 2.1M commits while we were asleep.😴
-
We don't need Skynet becoming sentient to trigger the End o' Days.
We got Claude, happily vibing/making 2.1M commits while we were asleep.😴
@funnymonkey @GossiTheDog Insert Mickey Mouse as the Sorcerer's Apprentice, and all those animated mops carrying pails of water...
-
@funnymonkey @GossiTheDog Insert Mickey Mouse as the Sorcerer's Apprentice, and all those animated mops carrying pails of water...
@carpetbomberz @funnymonkey @GossiTheDog
this. Exactly this.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog That #claude #AI has been created to solve the „we have too much electricity“ problem.
-
Today in InfoSec Job Security News:
I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.
So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.
https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc
As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.
@GossiTheDog It's almost like, maybe, only humans should program computers. Computers should not be submitting and merging their own PRs, am I right ?
-
@GossiTheDog It's almost like, maybe, only humans should program computers. Computers should not be submitting and merging their own PRs, am I right ?
@GossiTheDog "AI" is the cryptocurrency of IT.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@GustavinoBevilacqua @zero be', certo, gli endless running sono platformer.
-
-
Forse saremmo ancora più divisi... A meno che il "contenitore grande" funzioni
-
Ti occupi di DPI? Aumenta la tua visibilità con lo Speciale PuntoSicuro
@lavoro
https://www.puntosicuro.it/pubbliredazionale-C-119/ti-occupi-di-dpi-aumenta-la-tua-visibilita-con-lo-speciale-puntosicuro-AR-26150/
Non solo pubblicità : trasforma la tua competenza in un vantaggio competitivo. Con gli Speciali PuntoSicuro, la tua azienda diventa un punto di riferimento autorevole nel mercato della sicurezza.
-
Pensare l'Europa come un insieme di territori (e chi li abita), non un insieme di nazioni? (Forse non è così importante?)
-
@angel eheh this is more accurate than you might imagine 😉
-
@zero no, la strada è già smontata e devi fare dei saltoni https://www.youtube.com/watch?v=abxd5d0MEM0
-
My plans for moderation:
I plan to allow sharing of blocklists of did:keys that are known to spamAllow clientside filtering of what replies you see to your posts (followers-only, etc.)Future things also:
In the future I plan to add RFC9420/MLS support for limited-audience posts (which will mean posts are ACTUALLY encrypted, including DM's). Right now for public posts, that is completely pointless, so I am not doing that. Because... why. If it's public, what's the point in encryption beyond, say, HTTPS?Maybe a standalone app or something so you're not running this all as a mystery meat blob of JavaScript.Other database/relay backends besides OrbitDB.Maybe a proof-of-work system akin to HashCash to prevent spam.
