Today a bunch of my open-source projects got slammed by incorrect AI-written vulnerability reports demanding $299 for disclosure

jonty@chaos.social

Today a bunch of my open-source projects got slammed by incorrect AI-written vulnerability reports demanding $299 for disclosure

issyl0@ruby.social

@jonty what

jcoglan@mastodon.social

@jonty I got a vulnerability for you: mixing latin and greek terms in the same phrase

kkarhan@infosec.space

@jonty if this were to happen to me I'd press charges for blackmail, extortion whilst notifying said platforms to quick-freeze records as they'll be listed as withnesses for the police to collect evidence from.

• Also I'd publicly #NameThemBlameThem and ban them from my projects.
  • As I did in more than one case.

issyl0@ruby.social

@jonty I escalated to the spam team and the account is now ️.

jonty@chaos.social

@issyl0 I did wonder how that happened so quickly after me posting here! Thank you!

I've just raised a complaint at Stripe too, so hopefully that will nuke the account there before anyone is taken in.

cy@chaos.social

@jonty ai beg bounty. seeing this a lot lately on security.txt contact mails also

jarkman@chaos.social

@jonty what a shitty business model!

endlessmason@hachyderm.io

@jcoglan @jonty
Another vulnerability: not doing plural(s) correctly

badsamurai@infosec.exchange

@kkarhan @jonty strongly in favor of this. They are committing crimes.

kkarhan@infosec.space

@badsamurai @jonty reminds me of #Certik holding #Shitcoins from #Kraken in a very unethicalcway after successfully being able to get some...

pl@cosocial.ca

@jonty but it has a scan hash!!

david_chisnall@infosec.exchange

@jonty

Some legitimate folks got burned by doing this because asking for money to not do a bad thing meets the legal definition of blackmail, even if it's well intentioned. If they have an actual business that they want you to contact, you may be able to get the police involved.

impulse9@chaos.social

@issyl0 @jonty thank you!

spaceinvader@social.securitytheater.net

@jonty Yeah, I wouldn’t pay $299 for something with only a SHA-256 seal! That’s more than $1/bit.

eatyourgreens@mastodon.social

@jonty isn’t extortion a teensy bit illegal in the UK?

luc0x61@mastodon.gamedev.place

@jonty When you have a perfect idiot machine to generate massive scam, why don't?
Here's the real added value of LLMs, where to monetize on.

guillotine_jones@beige.party

@jonty
Who said Ai isn't making money?

n1xnx@tilde.zone

@jonty
Sounds like criminal extortion to me.
Send a C&D letter and f9ile a complaint with the police? Since it's over the wire, that makes it Federal if it's in the US.

nobody@mastodon.acm.org

@jonty
"You're in a desert, Leon, walking along in the sand ..."