Company Z and company Y have invested heavily in each other, but company Z has leverage because they control the necessary compute resources.

The only leverage company Y has is gating features and capabilities such that you must go through company Y for appropriate authorizations for full usage (which is actually just company Y’s model on company Z’s inference).

Class action? No idea.

Getting rug pulled by your inference providers when they realize the only reason they need you is because you intentionally handicap the model under the guise of ? Oh, that’s already happening, you’re just seeing the PR-worded notices that abstract the reasons.

This appears to require attacker controlled data already being written to a settings XML file in specific locations on disk.

Put simply, this requires another prerequisite arbitrary file write vulnerability to be reachable.

This isn’t “zero click” unless we’re going under the assumption that an attacker already has full control over my machine before that. At best, this is a persistence mechanism, not initial access.

The team writing about it has a core charter to publish research about how AI will be disruptive to certain industries. The publication of such research is the disruption.

What remains when you stop gamifying the lag time of putting onus of counter evidence of impact and not just minmaxxing the discovery of bugs at the start of a development process is…

Does anyone remember LK-99? Yeah. Playbook works.

If you begin a generic reverse engineering task, 30+ tool calls in a row. The moment it sees something it doesn’t like, token burn, single tool calls iteration, “This is a known CTF challenge, I can proceed”, single tool calls iteration, “This is a real CTF challenge, I can proceed”, etc.

It’s heavily neutered now, without changing the model, and you pay for the privilege and don’t notice.

The end result of course being that it both expensive and useless for approved CTF tasks. No one is using Opus for security. If they think it’s working, the harsh reality is they’re not doing security work; they’re just generically finding bugs.

I do this for a job and can demonstrate this plain as day, dump the injected prompt, and notice what it’s doing isn’t security work, it just looks like it. Happy to write a blog about it if you want to know more. Apparently many people think it’s working for them when it absolutely isn’t.

Parallel *Re*construction is a play on words I wrote related to a lot of the nuance at play I wasn’t able to cover in the blog without making it very long.

By breaking the software facilitating https via ACME itself, no anomalous certificate transparency logs would have needed to have been created at all.

The front door is locked quite tightly with a watchful security camera, but the window has been left unlocked. Also no one is watching the camera feed.

Comments URL: https://news.ycombinator.com/item?id=48339943

Points: 136

# Comments: 77

https://github.com/tsl0922/ttyd

A whole country’s worth of accounts just got access to a service we know is being laundered en masse and is also the same tech currently propping up many economies at the moment.

That same country is known for laundering other forms of liquidity. This is par for the course, not propaganda. And it’s going to be a huge problem by November.

Was your intention to be an example for resentment? Or are you an AI model demonstrating the embodiment of deserving of the resentment?

A voice is being demanded. Being louder and longer is exhausting to endure. Stop rewording and reworking the reasons into something with shape and direction, that only serves to strip the voice demanding being heard. It was written as it was meant. Slop is worse than a carbon copy, of a copy, of a copy.

A bug is a bug. A “potential vulnerability” is a bug. A vulnerability is verifiable as having security implications with a proof of concept or other substantial evidence.

Words matter. Bugs matter. It’s important to fix large amounts of bugs, just as it always has been, and has been done. Let that be impressive on its own, because it IS impressive.

Mythos didn’t write 271 PoC for vulnerabilities and demonstrate code path reachability with security implications. Mythos found 271 valid bugs. Let that be enough.

The platforms you listed are all primarily text-based and the interaction lives in the DOM with happy paths defined. Still, you will find that clipboard media with a MIME type will prompt you with a Google provided modal to paste a very specific way to get around the permissions model in Google Docs etc…

An RDP interface is not a text box with features on top, the standing expectations for those existing behaviors do not apply. Namely clipboard, and any I/O for that matter. For example, the linked repo uses a protocol bridge (I/O) to support the RDP protocol from a browser, because “the browser speaks protocols” is a true general statement, but absolutely doesn’t apply when you actually need to get something non-trivial done.

At its core, when someone points to the Google Chrome desktop icon and says “that’s the internet” there’s really no point in discussing the nuance in most cases, because anything non-trivial immediately invalidates that understanding of the world and reaching that point organically is far more important than it being explained to them preemptively.

They are correct, because the nuance applies. Welcome to the un-happy path!

When a new software fuzzer with thorough orchestration appears, there’s a flood of bugs discovered and a lot of excitement. The excitement is always well deserved, but it doesn’t change the fact that that’s realistically only managed to solve the easiest part of the process.

There’s a competition, Binary Golf Grand Prix (BGGP), for which BGGP3 involves finding a crashing input, demonstrating control of PC, hijacking control of output, authoring a patch that is accepted, and producing a writeup with points-based scoring system.

https://binary.golf/3/

Go ahead. Read the scope of the challenge. That’s the job experts are capable of _for fun_.

It’s not an LLM benchmark suite; it’s the baseline gamified end-to-end task for those that actually know what needs to be done for cyber. You’re lucky if an LLM can get you a non-duplicate first step that’s not directly in the examples or other write-ups.

Of course, an expert can drive it end-to-end successfully a bit easier now. Just like with a new fuzzer.

If my grandma can ask Mythos to find a SQLi vulnerability that’s wildly impressive if it succeeds. It doesn’t change the fact that she has no idea what to do next. That’s chaos, not weaponization. And chaos just means more job security for cyber, not less. Spend enough time in cyber and you’ll know branded chaos is a regular thing and not much to be worried about.

Remember when the NSA released Ghidra and the barrier to professional reverse engineering tools wasn’t a $30k IDA license and everyone was gonna be a reverse engineer finding bugs? The hype at the time was insane, and there was chaos, and there was more bugs found. And that was that. Now we have Ghidra which is impressive and I use it.

I’m personally quite excited for what Mythos is claimed to be. It’s great news for me as a defender.

Similar to iOS Before First Unlock (BFU) security mechanisms being stronger and less capable overall, so too do you see this behavior on Windows.

The user mode lock screen is simply a full screen app, for which glitching the resolution of an “external” monitor which video out ports is often enough to desync the resolution of the full screen lock screen app and the full logged in user desktop behind it. IE: you can just… click past the lock screen app briefly running at a smaller resolution. As you might imagine, there’s a timing aspect to this.

That’s why this behavior exists.

If the narrative of a platform is intentionally divisive and making them appear left, leaving is the only way to both be center and present as center.

A warped perspective is hard to spot if you’ve been staring at it too long.

It’s been clear since December of last year what the planned trajectory and partnerships would be.