this post was submitted on 24 Dec 2024
40 points (100.0% liked)

Hacker News

333 readers
388 users here now

RSS Feed of HackerNews

founded 3 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] nightwatch_admin@feddit.nl 10 points 1 day ago* (last edited 1 day ago) (6 children)

Agreed, but also: if it works and is merged, you get credited, and your Github account gets a better reputation. This makes it easier to deploy attacks like xz as you have a track record of merges.
Also, plain vandalism, because people are like that.

Edit: probably also bug bounty attempts. If you’ve ever been on the receiving side of a Responsible Disclosure program , you’ll know what I mean.

Edit edit: it’s all in the article, darnit. Sorry.

[–] syklemil@discuss.tchncs.de 1 points 1 day ago (3 children)

Yeah, I'd count that credibility as a real benefit from helping with bugs.

As far as xz scenarios go though, the AI slop seems to be a really bad strategy.

[–] nightwatch_admin@feddit.nl 2 points 1 day ago (2 children)

I agree, it isn’t a great tactic, but with enough attempts you’ll probably hit a few times.

[–] syklemil@discuss.tchncs.de 2 points 1 day ago (1 children)

Yeah, I don't disagree. And if you hit something small or relatively insignificant but common, that's all you need

[–] nightwatch_admin@feddit.nl 1 points 1 day ago

I ran an RD program years ago. Lots of bored and/or poor, greedy devs submitted metric shit tons of pseudo vulnerabilities (“if I do ctrl-u I can see source code on your web site!” No shit, Sherlock.). I can only imagine how much easier this has become with the help of generative ai…

load more comments (2 replies)