GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (www.darkreading.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 19 Apr 2024 11:40
https://sh.itjust.works/post/18056762

#cybersecurity

threaded - newest

higgsboson@dubvee.org on 19 Apr 2024 12:23 collapse

As threatening as malicious LLMs might be, Kang says, “At the moment, this doesn’t unlock new capabilities an expert human couldn’t do. As such, I think it’s important for organizations to apply security best practices to avoid getting hacked, as these AI agents start to be used in more malicious ways.”

milicent_bystandr@lemm.ee on 19 Apr 2024 12:40 collapse

So the risk is the llm makes vulnerabilities more accessible to less-expert hackers, and able to be targeted more easily to more victims by more attackers.

Player2@lemm.ee on 19 Apr 2024 17:16 collapse

Security through obscurity is not something that should be relied upon anyway. This just necessitates fixes to be implemented faster.

milicent_bystandr@lemm.ee on 19 Apr 2024 18:06 collapse

Shouldn’t rely on obscurity, but it still reduces the threat. Especially when you’re talking the difference between a few targeted attacks and an imminent worldwide attack.

If every wannabe hacker had the resources of the state sponsored groups (I realise that’s more extreme) a lot of our current and worthwhile security practice would be moot.

ToyDork@sh.itjust.works on 20 Apr 2024 17:56 collapse

Unfortunately, this is why we need Web³ (“NFT-based memberships” and login via crypto wallet) integration, even if it’s incredibly inconvenient to re-learn online transactions and yes, even if “fintech” is a giant financial bubble that will probably burst with horrible economic consequences. Built-in, standardized FOSS encryption is now the only way forward aside from (possibly) PayPal.

What’s worse is that this makes Windows and Mac OS untrustable. Linux fares better but would need to implement best practice as only practice.

Everything will need to be sandboxed like on smartphones now. Thanks a fucking lot, OpenAI.