Security Researcher. All opinions are my own.

Re: axios compromise; run these 2 to immediately prevent exfiltration on macOS:

echo '127.0.0.1 sfrclak.com' | sudo tee -a /etc/hosts
sudo dscacheutil -flushcache

Vibe coding hijacks the brain's reward pathways in the exact same way gambling does. We've traded the gambler's "this time I win" for the developer's "this time the code runs". Every time we hit yes on Claude Code's generated code, we're pulling the slot machine lever. It's the same exact thrill. Isn't it?
There's this infosec dude on LinkedIn who shills out a hot steaming pile of massive AI slop every week. It's an OS one week, a VM the other, a relational database one week, then a k8s replacement, ... Just never stops. The claim is always faster, better, and cheaper than X. We're gonna see an astounding number of such incapable idiots run management and deploy slop to production systems. This field is about to self-implode.

the three horsemen of dogshit software products:

microsoft
hp
workday

Anyone else feel that langchain and llamaindex are extremely over-engineered?
Take: If AI-assisted emotional aids (chatbots, therapists, girlfriends, relationship coaches …) become ubiquitous in the coming years, we’ll see a profound shift in businesses focusing on genuine human-to-human interaction. While VCs put millions of $$ into these AI businesses, a business developing great human connections and delivering experiences in 2024 is still a great investment opportunity.
in-flight wifi is such an untapped market. not a single airline does it well.
There’s nothing trashier in this world than an HP printer.
TIL Gödel was 25 when he came up with the Incompleteness Theorem 🫡

Great blog posts that help one rethink (for better or worse) applied cryptography:

1. Seriously, stop using RSA: https://blog.trailofbits.com/2019/07/08/fuck-rsa/

2. Why AES-GCM Sucks: https://soatok.blog/2020/05/13/why-aes-gcm-sucks/

3. The Cryptographic Doom Principle: https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html

4. Cryptocoding: https://github.com/veorq/cryptocoding

5. Let’s talk about PAKE: https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/

6. Status of Post-Quantum Cryptography Implementation: https://blog.quarkslab.com/status-of-post-quantum-cryptography-implementation.html

7. Why I hate CBC-MAC: https://blog.cryptographyengineering.com/2013/02/15/why-i-hate-cbc-mac/

8. Reconstruct Instead of Validating: https://words.filippo.io/dispatches/reconstruct-vs-validate/
