Today a bunch of my open-source projects got slammed by incorrect AI-written vulnerability reports demanding $299 for disclosure

issyl0@ruby.social

@jonty I escalated to the spam team and the account is now ️.

jonty@chaos.social

@issyl0 I did wonder how that happened so quickly after me posting here! Thank you!

I've just raised a complaint at Stripe too, so hopefully that will nuke the account there before anyone is taken in.

cy@chaos.social

@jonty ai beg bounty. seeing this a lot lately on security.txt contact mails also

jarkman@chaos.social

@jonty what a shitty business model!

endlessmason@hachyderm.io

@jcoglan @jonty
Another vulnerability: not doing plural(s) correctly

badsamurai@infosec.exchange

@kkarhan @jonty strongly in favor of this. They are committing crimes.

kkarhan@infosec.space

@badsamurai @jonty reminds me of #Certik holding #Shitcoins from #Kraken in a very unethicalcway after successfully being able to get some...

pl@cosocial.ca

@jonty but it has a scan hash!!

david_chisnall@infosec.exchange

@jonty

Some legitimate folks got burned by doing this because asking for money to not do a bad thing meets the legal definition of blackmail, even if it's well intentioned. If they have an actual business that they want you to contact, you may be able to get the police involved.

impulse9@chaos.social

@issyl0 @jonty thank you!

spaceinvader@social.securitytheater.net

@jonty Yeah, I wouldn’t pay $299 for something with only a SHA-256 seal! That’s more than $1/bit.

eatyourgreens@mastodon.social

@jonty isn’t extortion a teensy bit illegal in the UK?

luc0x61@mastodon.gamedev.place

@jonty When you have a perfect idiot machine to generate massive scam, why don't?
Here's the real added value of LLMs, where to monetize on.

guillotine_jones@beige.party

@jonty
Who said Ai isn't making money?

n1xnx@tilde.zone

@jonty
Sounds like criminal extortion to me.
Send a C&D letter and f9ile a complaint with the police? Since it's over the wire, that makes it Federal if it's in the US.

nobody@mastodon.acm.org

@jonty
"You're in a desert, Leon, walking along in the sand ..."

tr4nt0r@chaos.social

@jonty more like Veritas scamming engine. Also got an issue yesterday, but it was empty without any details. But I instantly deleted it and blocked the account.

rndanger@infosec.exchange

@eatyourgreens @jonty
Not if you put pressure on the right people

musevg@23.social

@jonty @da_667
So… This is your code? And they created an issue about 2 alleged vulnerabilities and are asking you for $299 to disclose them to you?

xeno@hexokina.se

@jonty@chaos.social this is just a sloppy attempt at automated extortion

(to the creator of this “””tool”””) get fucked mate