It's amazing how fast attitudes to security in the industry has changed.
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
-
R relay@relay.infosec.exchange shared this topic
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
@foone I do wonder how certain industries and institutions are doing under the pressure to conform to these new ways of doing things (banks, hospitals, scientists)
-
@foone I do wonder how certain industries and institutions are doing under the pressure to conform to these new ways of doing things (banks, hospitals, scientists)
@wtrmt I imagine a lot of security staff is losing their hair
-
@wtrmt I imagine a lot of security staff is losing their hair
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
You forgot the part where a developer deletes production database and its all volume backups via an agent in 9 seconds, and forces the agent to confess the error.
Like the agent has its own mind.
Unbelievable.
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
look I'm a hacker, and social engineering is one of the oldest and most important tools in a hacker's toolbox
but I refuse to social engineer a computer program, that's just wrong.
-
look I'm a hacker, and social engineering is one of the oldest and most important tools in a hacker's toolbox
but I refuse to social engineer a computer program, that's just wrong.
if I can convince your chatbox to add a new dependency to your software and push a new version to prod, it's just not worth my time to bother
-
look I'm a hacker, and social engineering is one of the oldest and most important tools in a hacker's toolbox
but I refuse to social engineer a computer program, that's just wrong.
@foone "syntax fuzzing"
-
if I can convince your chatbox to add a new dependency to your software and push a new version to prod, it's just not worth my time to bother
I have SEPARATE TOOLS and TECHNIQUES for hacking humans and computer hardware and computer software. Mixing them up is just wrong and unfun.
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
@foone I love this sort of stuff tbh. Just like NFTs, it's great to have a filter like this that clearly shows who's actually nuts and who isn't.
-
I have SEPARATE TOOLS and TECHNIQUES for hacking humans and computer hardware and computer software. Mixing them up is just wrong and unfun.
hacking a computer program pretending to be a human is like some weird neo-victorian parlor game in The Diamond Age
-
hacking a computer program pretending to be a human is like some weird neo-victorian parlor game in The Diamond Age
@foone it has also passed through our mind that if there is ever some really high-stakes version in which we have to do so, for survival's sake, our ability to do it will depend on the extent to which our personal way of thinking is under-represented in the training set. so we're not eager to donate our efforts to anyone's training set.
-
You forgot the part where a developer deletes production database and its all volume backups via an agent in 9 seconds, and forces the agent to confess the error.
Like the agent has its own mind.
Unbelievable.
@bayindirh @foone can't have vulnerabilities without any production!
-
You forgot the part where a developer deletes production database and its all volume backups via an agent in 9 seconds, and forces the agent to confess the error.
Like the agent has its own mind.
Unbelievable.
@bayindirh yeah that story (and some recent experiences I can't go into) is what prompted this
-
@bayindirh @foone can't have vulnerabilities without any production!
-
@foone I do wonder how certain industries and institutions are doing under the pressure to conform to these new ways of doing things (banks, hospitals, scientists)
@foone I used to work for a bank with a huge security overhead. The machines that everyone used had quite a few limitations due to security. Windows 11 w Copilot must have them like the Chihuahua from Ren & Stimpy
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
@foone but on the other hand the regulators still haven't read the correct horse battery staple XKCD cartoon and still demand stupid passwords that everyone forgets.
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
@foone How long until I can find sensitive government & corporate computers exposed to the Internet by wardialing again? Maybe malicious actors can start asking company chatbots to open telnet ports.
-
It's amazing how fast attitudes to security in the industry has changed. Like, I remember in 2023ish spending a while working on a system to securely trigger remote builds, because we couldn't have our slack chatbots on the same network as our Jenkins server
And in 2026 they just give a 3rd party LLM write access to both + the git repo
@foone people stopped caring. this is what 'work alienation' does to 'the work'. it removes the craft, the skill. workers are swapped out like Legos before they become invested in the work, before they become expensive.
the quality stops mattering, because the company will stop existing in 5 years, when guarantees turn into lawsuits.
funds are received to start projects, but every one leaves before the finish. no one is responsible. no one cares.
-
@foone I used to work for a bank with a huge security overhead. The machines that everyone used had quite a few limitations due to security. Windows 11 w Copilot must have them like the Chihuahua from Ren & Stimpy
