In a totally unexpected and surprising turn of events, #ChatGPT search is vulnerable to simple prompt injection. Never trust AI tools for critical decisions. https://www.theguardian.com/technology/2024/dec/24/chatgpt-search-tool-vulnerable-to-manipulation-and-deception-tests-show

#realstupidity #enshittification

ChatGPT search tool vulnerable to manipulation and deception, tests show

Exclusive: Guardian testing reveals AI-powered search tools can return false or malicious results if webpages contain hidden text

The ZuckNet reminded me that back in 2016 I retweeted -

Retweeted Stian Husemoen (@stianhu):
«Real stupidity beats artificial intelligence every time».

I'm not sure that has actually aged well.

#artificialintelligence #ai #realstupidity #stupidity

Another terrible omission in the Cloud Application Security Assessment (CASA): Not a word about dependencies. "Clone the application repository within this folder and ..."

Sure. It'll be fine that the app also includes the whole of WebKit and a gazillion other external dependencies and the scan says absolutely nothing about them...

If it appears that I'm not very impressed by this thing, it is because I'm not.

So who is demanding CASA Tier 2 security for apps accessing their systems? For example Google.

#realstupidity #rant

I find it hilarious that FluidScan outright fails to work when following instructions from the Cloud Application Security Assessment (CASA). Then again, this means that the scan result file is empty, and thus you're technically compliant. Right?

Just joking - this is not how it goes, but I just hate it when tooling and documentation are left to rot.

https://appdefensealliance.dev/casa/tier-2/ast-guide/static-scan

#realstupidity #borkage

Static Scanning Procedures  |  App Defense Alliance

Recently a dude discovered a vulnerability in an #AssaAbloy electronic lock: He found a way to bypass the electronic security in the device to open the lock without any traces. Rather than contacting the company with his discovery to get it fixed, he recruited his brothers to extort money (€37m) from the company. The brothers claimed it was a business negotiation where they offered the company first right to buy their findings - if the company would not buy the research, they'd rather just post the information online. Interestingly, the mastermind behind the #extortion plan was a former police officer, having also worked at the National Bureau of Investigation. They had taken some steps to try to conceal their identity (buying a new burner laptop and using a prepaid mobile internet plan). Needless to say, they failed hard at #opsec and got caught. The brothers got sentenced to nearly 3 years (3 years is the maximum for aggravated extortion).

Needless to say, if you find a security flaw (software, hardware, process), do not do what these guys did.

YLE - Court jails 3 brothers for €37m Abloy extortion attempt: https://yle.fi/a/74-20096976

#security #crimedoesntpay #realstupidity

Court jails 3 brothers for €37m Abloy extortion attempt

The three brothers included a former officer from the National Bureau of Investigation (NBI).

Earlier today I searched on an interesting question, and found this article that appears to have been generated synthetically by an LLM AI and not proofread at all by humans.

Can you spot where it breaks?

"Can I Use a Crows Foot on a Torque Wrench? Explained by Experts"

By Michael Graw
September 22, 2023

https://www.toolsadvisor.org/can-i-use-a-crows-foot-on-a-torque-wrench/

When #ArtificialIntelligence demonstrates #RealStupidity

Can I Use A Crows Foot On A Torque Wrench? Explained By Experts | Tools Advisor

If you're a handyman or an avid DIY enthusiast, then you probably know how important it is to use the right tools for the job. One tool that you shouldn't

In a totally unexpected development, AI-based vulnerability scanning is stupid: https://github.com/curl/curl/issues/12983 #curl #realstupidity #infosec #cybersecurity

Integer overflow in lib/vssh/libssh2.c · Issue #12983 · curl/curl

I did this Security Vulnerability Report File: lib/vssh/libssh2.c Function: ssh_statemachact() (Starting at line 2512) Vulnerability Type: Integer Overflow Location: Line 2547 Severity: High Descri...

@knutson_brain

>> Next time you hear about #ArtificialIntelligence, replace it with #ArtificialStupidity and see if it makes a difference...

I'd say that's #RealStupidity and #FakeIntelligence

#AI

So… ChatGPT cannot do math. It cannot match quotations with citations. So maybe we’ll just use it to write funny letters and things? #ChatGPT #AI #RealStupidity