this kinda shit makes me understand the sovcit stuff a little more, “just send an email with this magic subject text and your rights are secured!”
this kinda shit makes me understand the sovcit stuff a little more, “just send an email with this magic subject text and your rights are secured!”
the hostname of a website is explicitly not encrypted when using TLS. the Encrypted Client Hello extension fixes this but requires DNS over HTTPS and is still relatively new.
honestly i wouldn’t trust your linux example at all, what happens with run([“echo”, “&& rm -rf /“])
just a guess, but in order for an LLM to generate or draw anything it needs source material in the form of training data. For copyrighted characters this would mean OpenAI would be willingly feeding their LLM copyrighted images which would likely open them up to legal action.
even in your hypothetical of a file name passed in through the args, either the attacker has enough access to run said tool with whatever args they want, or, they have taken over that process and can inject whatever args they want.
either attack vector requires a prior breach of the system. you’re owned either way.
the only way this actually works as an exploit is if there are poorly written services out there that blindly call through to CreateProcess
that take in user sourced input without any sanitization, which if you’re doing that then no duh you’re gonna have a bad time.
cmd.exe
is always going to be invoked if you’re executing a batch script, it’s literally the interpreter for .bat files. the issue is, as usual, code that might be blindly taking user input and not even bothering to sanitize it before using it.
i’m not understanding how this is supposed to be so severe. if an attacker has the ability to change the arguments to a CreateProcess
call, aren’t you hosed already? they could just change it to invoke any command or batch file they wanted.
open source software getting backdoored by nefarious committers is not an indictment on closed source software in any way. this was discovered by a microsoft employee due to its effect on cpu usage and its introduction of faults in valgrind, neither of which required the source to discover.
the only thing this proves is that you should never fully trust any external dependencies.
git bisect
is just this guy jumping through portals to alternate universes where the bug either exists or doesn’t
yeah silly me for supporting artists with my money but also downloading drm-free copies of things so I can actually exercise a semblance of ownership. but sure, keelhaul me so you can keep your sense of smug superiority.
AI is a tool that is fundamentally based on the concept of theft and plagiarism. The LLM training data comes from artists and creators that did not consent to their work being plagiarized by a hallucinating machine.
it literally explains what they’re for in the product listing:
These labels aid your warehouse operations.
• Categorize inventory, reorder points, product dating or special instructions.
• Apply these labels to pallets, boxes and shelves for easy identification.
• Easy to write on.
please just stop writing code. just walk away and find something else to do.
“ai helps me debate religion with my friends” is some real bleak shit
SMS is literally the bottom of the barrel though
this post seems nice and succinct, not sure about ECC but RSA certainly seems easy enough
have you tried openssl?
deleted by creator
and it’s also why the propaganda machine always pushes the “violence is not the answer” narrative
assuming you have a GNU toolchain you can use the find
command like so:
find . -type f -executable -exec sh -c '
case $( file "$1" ) in (*Bourne-Again*) exit 0; esac
exit 1' sh {} \; -print0 | xargs -0 -I{} cp {} target/
This first finds all executable files in the current directory (change the “.” arg in find to search other dirs), uses the file
command to test if it’s a bash file, and if it is, pipes the file name to xargs
which calls cp
on each file.
note: if “target” is inside the search directory you’ll get output from cp
that it skipped copying identical files. this is because find
will find them a free you copy them so be careful!
note 2: this doesn’t preserve the directory structure of the files, so if your scripts are nested and might have duplicate names, you’ll get errors.
Microsoft creates secure boot: “we should be able to run whatever we want on our hardware!”
Microsoft lets users install crowdstrike on their computer: “Microsoft shouldn’t let us run this on our hardware!”