Posts by ret2bed@infosec.exchange
 (DIR) Post #AQHHFWwKNq7c3q1AnY by ret2bed@infosec.exchange
       2022-12-04T21:28:17Z
       
       1 likes, 0 repeats
       
       Oh FFS, they trained it on public HackerOne reports
       
 (DIR) Post #AQHHFZ3UWB2YcdNvF2 by ret2bed@infosec.exchange
       2022-12-04T22:53:23Z
       
       0 likes, 0 repeats
       
       It wants $500. I'm done.
       
 (DIR) Post #ASsEdh4sywihW4on3I by ret2bed@infosec.exchange
       2023-02-20T12:09:14Z
       
       1 likes, 0 repeats
       
       That's interesting: https://github.com/chris-koch-penn/gpt3_security_vulnerability_scanner
       
       Someone "scanned" a repo with many different test cases with GPT-3 and it was quite good at detecting vulnerabilities. However, these test cases usually had class names like LogInjectionClass, DirectoryTraversalTest etc. I checked and just changing the log injection class name to TestClass was enough so that it could not find the vulnerability anymore. Renaming it to LdapInjection convinced it that the vulnerability was indeed an LDAP injection. I don't think it would currently hold up as well as this repo tries to suggest.
       
 (DIR) Post #AcnE7L3iycNHLBCYKm by ret2bed@infosec.exchange
       2023-12-14T07:21:31Z
       
       0 likes, 0 repeats
       
       @tante in part 2 of this master plan they demand money for having their articles summarised. AI Leistungsschutzrecht. Don't tell me that's not the most likely outcome.
       
 (DIR) Post #AdTmcjVF6JybnmzLYu by ret2bed@infosec.exchange
       2024-01-03T19:43:31Z
       
       0 likes, 0 repeats
       
       @feld @jomo @lorenzofb I disagree. Maybe if the data of the affected user was the only data available when logging into an account, but they have broken into a bunch of accounts and then stole further data from genetic matches iirc. Not preventing that kind of data theft when one of the parties did not have 2FA enabled is hardly the fault of the user but completely on the platform. This should not have been possible for accounts that don't have basic 2FA enabled.
       
 (DIR) Post #AdTtX4WYjNjawKqt9M by ret2bed@infosec.exchange
       2024-01-03T21:13:56Z
       
       0 likes, 0 repeats
       
       @feld @jomo @lorenzofb what do you mean? It states that your ancestry reports as well as additional information "including genetic variants related to health" are shared with genetic relatives if you enable the related feature. How even the most basic ancestry information can be used in the wrong hands is not that hard to imagine.
       
       https://www.wired.com/story/23andme-credential-stuffing-data-stolen/
       
       And I would think the fact that it states only genetic relatives receive this kind of data would be enough to reassure users that the data was reasonably safe. Again imo access to that feature should have been restricted to user accounts with a certain minimum level of security, including 2FA.