Items tagged with: AISlop



I'm sure @bagder is thrilled to learn about the PRs Microsoft's Copilot agent is creating in the dotnet runtime repository and is strongly considering the same for cURL 😅 (Also: poor Stephen Toub!) #AISlop

old.reddit.com/r/ExperiencedDe…


This thing works by generating fake vulnerability reports. Here are some of the qualities of the HackerOne report 3125832 sent to #curl:
- It looks convincing at a glance, especially if you're not a subject matter expert.
- It's vague about actual repro steps. It makes it impossible for the victim project to reproduce the issue. For example, it makes up fake patches against non-existent, imaginary code.
- It refers to functions and methods that do not exist (in case someone tries to look for them). When confronted, the attacker refers to some old or new versions of components, using non-existent commit hashes.
- The report makes up some convincing functionality or names that are novel, but don't really exist.

An expert’s look at the report shows the number of discrepancies, but finding them takes time and effort. It requires attention from a subject matter expert, with limited resources.

The real exploit here is that the attacker (evilginx) exploits the fact that the victims (the orgs who paid the attacker money) don't have the capacity to perform thorough analysis and rather just pay up. TL;DR: It's cheaper to pay the bug bounty than hire an expert to perform true analysis.

Why didn't it work against the curl project? The attacker miscalculated badly. The curl project is not a company and has far greater capability in security response than your average org. Also they can smell #aislop miles away.



Search for “Google Slides” & you may see that the first image they select for one of their flagship office software products is... Someone’s SEO-cash-grab “custom product” spam. Plastic slippers with the Google Slides icon on them? Google’s own intellectual property is being parasitized here. What chance do independent artists stand? Google doesn’t care, as long as they are paid by search spammers who, in turn, somehow think this will make money. #search #searchCrisis #AISlop #google #ai #sloppocalypse

