lol oh my god i feel **so fucking smug** right now, it's incredible.
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter it isn’t even necessary to compromise repos. If a malicious actor posts enough malicious code that gets mingled with the LLM training data, some poor souls will start vibe-coding malicious code directly into their own products.
-
picking through the various bits and pieces of this story, i kind of think what really happened is the dev accounts got pwned, and then the attackers were able to push a bad version to PyPi and people pip installed it from there. so as far as a "supply chain" attack, LiteLLM is the part of the supply chain that got attacked, it's not like they accidentally vibe-coded something malicious into their project.
but this still goes back to what i was saying: this AI ecosystem is developing **way** too fast and without the kind of maturity that is naturally required when you have lots of people working on a thing. so with berri.ai, you had ~2 guys in their 20s building this thing at break-neck speed that became the linchpin to waaaaay too much of the "AI" ecosystem and now look what's happened.
-
@peter it isn’t even necessary to compromise repos. If a malicious actor posts enough malicious code that gets mingled with the LLM training data, some poor souls will start vibe-coding malicious code directly into their own products.
@jongary 100%!!
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter The crypto wallet checker in this compromise really underlines the fact that there's so much overlap between LLM boosters and crypto boosters. It's all the same marks. They just found something easier to sell to people.
-
@peter The crypto wallet checker in this compromise really underlines the fact that there's so much overlap between LLM boosters and crypto boosters. It's all the same marks. They just found something easier to sell to people.
@tael i think also, banks and payment processors have made it so much more difficult to steal and do anything with credit card numbers that there's not much point in going after those anymore, especially when finding someone's crypto passphrase is like picking up money off the ground.
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter oh my a day ending in -y
-
let's see, who can i tag about this... @davidgerard will definitely want to know. @tante maybe. idk, tag your favorite cyber-security person. this might be the mother of all LLM supply chain attacks lol. @briankrebs
@peter @tante @briankrebs thank you for this comedy gold
-
@tael i think also, banks and payment processors have made it so much more difficult to steal and do anything with credit card numbers that there's not much point in going after those anymore, especially when finding someone's crypto passphrase is like picking up money off the ground.
@peter It's easy to siphon crypto, yeah, but turning that into spendable money has gotten much, much more difficult than it used to be.
-
oh my fucking god.
@peter is wrapping a vibe coded mess into a package so it looks reasonable the new sub-prime mortgage?
-
@peter @tante @briankrebs thank you for this comedy gold
@peter @tante @briankrebs we've replaced Jia Tan with a very small prompt
-
there are **tons** of AI-related projects that use LiteLLM. it is a key part of the basic infrastructure of LLM-based development. if you use an LLM-based project, there is a good chance it uses LiteLLM.
That xkcd comic with the stacked blocks, but instead of one guy in Nebraska, it's LLM slop.
-
@peter @tante @briankrebs thank you for this comedy gold
@tante@tldr.nettime.org @davidgerard@circumstances.run @briankrebs@infosec.exchange @prietschka@mastodon.social @peter@thepit.social
@prietschka You're gonna get a laugh out of this one, methinks.
-
@tante@tldr.nettime.org @davidgerard@circumstances.run @briankrebs@infosec.exchange @prietschka@mastodon.social @peter@thepit.social
@prietschka You're gonna get a laugh out of this one, methinks.
@dogiedog64 @tante @briankrebs @prietschka @peter lol god yes he will
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter Semi-related: anyone know why that issue had hundreds of bot replies like "this worked for me"? Is that reputation farming or an active strategy to bury important information in slop?
-
plenty of good chatter on Hacker News about it. https://news.ycombinator.com/item?id=47501729
looks grim!!
@peter I am, for one rare moment, actually glad to read the HN comments. The one from the dude complaining that blocking all downloads of the compromised package breaks all his setups because they're written to automatically pull a bunch of packages off the net every time they start was... :chefskiss:
-
@peter I am, for one rare moment, actually glad to read the HN comments. The one from the dude complaining that blocking all downloads of the compromised package breaks all his setups because they're written to automatically pull a bunch of packages off the net every time they start was... :chefskiss:
@wordshaper@weatherishappening.net lmao oh my god that one is amazing
-
@peter Semi-related: anyone know why that issue had hundreds of bot replies like "this worked for me"? Is that reputation farming or an active strategy to bury important information in slop?
@slab_bulkhead people were saying it's a thing this particular group does to muddy the water. pretty clever!
-
R relay@relay.an.exchange shared this topic
-
@peter is wrapping a vibe coded mess into a package so it looks reasonable the new sub-prime mortgage?
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter
I could also see from the description on what's stolen by the credential collecting part - almost all tools and their config files are those that don't follow XDG directories structure.
So, if an attacked computer configured properly, these credentials are just not there to be stolen. That's kinda hilarious.
An example: even if I have to have a .ssh in root of the homedir, it's a symlink into the .config/ssh, where no keys are present in the ~/.config/ssh (and config file is parameterised, so it doesn't include key paths, for example). -
R relay@relay.mycrowd.ca shared this topic
-
RE: https://mstdn.social/@hkrn/116284264915152671
lol oh my god i feel **so fucking smug** right now, it's incredible. my whole body is tingling.
@peter lmao my ass off
-
R relay@relay.infosec.exchange shared this topic
