Today a bunch of my open-source projects got slammed by incorrect AI-written vulnerability reports demanding $299 for disclosure
@jonty I got a vulnerability for you: mixing latin and greek terms in the same phrase
@jcoglan @jonty
Another vulnerability: not doing plural(s) correctly

@jonty if this were to happen to me I'd press charges for blackmail, extortion whilst notifying said platforms to quick-freeze records as they'll be listed as witnesses for the police to collect evidence from.

@kkarhan @jonty strongly in favor of this. They are committing crimes.
@badsamurai @jonty reminds me of #Certik holding #Shitcoins from #Kraken in a very unethical way after successfully being able to get some...
@jonty I escalated to the spam team and the account is now ⚰️.

@issyl0 I did wonder how that happened so quickly after me posting here! Thank you!

I've just raised a complaint at Stripe too, so hopefully that will nuke the account there before anyone is taken in.

@jonty ai beg bounty. seeing this a lot lately on security.txt contact mails also 💔
@jonty Ah yes the Automated scam Industry....
@jonty what a shitty business model!
@jonty but it has a scan hash!!

@jonty

Some legitimate folks got burned by doing this because asking for money to not do a bad thing meets the legal definition of blackmail, even if it's well intentioned. If they have an actual business that they want you to contact, you may be able to get the police involved.

@jonty Yeah, I wouldn’t pay $299 for something with only a SHA-256 seal! That’s more than $1/bit.
@jonty isn’t extortion a teensy bit illegal in the UK?
@eatyourgreens @jonty
Not if you put pressure on the right people
@jonty When you have a perfect idiot machine to generate massive scam, why not?
Here's the real added value of LLMs, where to monetize on.
@jonty
Who said AI isn't making money?
@jonty
Sounds like criminal extortion to me.
Send a C&D letter and file a complaint with the police? Since it's over the wire, that makes it Federal if it's in the US.
@jonty
"You're in a desert, Leon, walking along in the sand ..."
@jonty more like Veritas scamming engine. Also got an issue yesterday, but it was empty without any details. But I instantly deleted it and blocked the account.
@jonty @da_667
So… This is your code? And they created an issue about 2 alleged vulnerabilities and are asking you for $299 to disclose them to you?
@jonty this is just a sloppy attempt at automated extortion

(to the creator of this “””tool”””) get fucked mate
@jonty Ahhh, it's Shakedown-as-a-Service now.
@jonty
Interesting that all that analysis came to $299. Odd-point pricing isn't usually applied when you're talking about fee-for-service…