This is really a "WTF how could they ever think this is a good idea?" kind of vulnerability. Usually the kind of stuff you get from shady, incompetent startups, but this is Google...
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules
Google API Keys Weren't Secrets. But then Gemini Changed the Rules. ◆ Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

@hanno we've long entered the era where Big Tech is shady and incompetent. The products they ship are broken and amateurish, their representatives constantly lie to you, and the only thing the companies are really concerned with is pumping their stock price.
@hanno Google *is* a shady incompetent startup. It just has a lot of VC money.

@hanno why is this report so many goddamn words. it’s at least 50% LLM fluff by volume

(yes the bug is incredibly silly too, but c’mon)

@Gaelan @hanno I read the whole thing and it does not show any signs of being LLM content.

It’s quite a solid piece of research that, unlike many other posts, actually explains the vulnerability in terms that can be understood even by junior developers.

@hanno today in "things that make you want to scream"
@hanno The golden age of hacking is upon us
@hanno if I was religious this would definitely warrant a stern "Jesus Christ!"
@hanno that seems not good. possibly even bad