Forgot your password?
typodupeerror

Submission + - Fundamental architectural flaw in cryptographic trust

An anonymous reader writes: Confidential computing's core trust mechanism is broken. The fix may not exist

“Attested TLS: the handshake that can't prove who's on the other end”

“Muhammad Usama Sardar, a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not.”

Submission + - AI Agent Executes 'First' End-To-End Ransomware Attack (theregister.com)

An anonymous reader writes: They're not bad; they're just prompted that way. Sysdig threat hunters documented what they say is the first-ever documented agentic ransomware infection with an LLM — not a human — driving the entire extortion operation, from gaining initial access to compromising a production database server and destroying data. The security shop’s research team named the agentic intruder JadePuffer and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248, and then ran a fully automated attack. “The most striking characteristic, however, was the LLM's behavior,” Sysdig director of threat research Michael Clark said in a blog about the agentic ransomware and extortion operation.

JadePuffer’s “self-narrating” payloads “contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively,” Clark added. “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials “with explicit coverage of Chinese providers” including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker’s infrastructure every 30 minutes. JadePuffer’s intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we’re told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider’s microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn’t know how the attacker obtained them. These credentials weren’t stolen from the victim’s environment.

JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can’t recover the encrypted data, even if they paid the ransom demand, because the agent escalated “from row-level deletion to dropping entire database schemas, narrating its own targeting rationale,” without backing up any of the encrypted data.

Comment Re:"That trick never works." (Score 3, Interesting) 30

My Facebook account was assassinated a few years back for posting "#NEVERAGAIN" and a link to the British Holocaust Memorial Day Trust on May 6. Reason eventually given: the link to a HOLOCAUST REMEMBRANCE PAGE was supposedly "glorifying violent individuals or organizations."

That's right. Nazi Trash Filth Zuckerberg decided that saying "#NEVERAGAIN" about the Holocaust was somehow "glorifying" violent individuals or organizations...

Comment Re:Ya know... (Score 3) 30

Meta as a company ought to have been shut down ages ago for so many violations of law. It's honestly amazing that they've managed to avoid it. Constant impersonation problems, constantly not just allowing but actually HELPING scam artists defraud people, constant security flaws that allowed for taken-over accounts, or that resulted in people losing their accounts through no fault of their own, irretrievably. The best advice I can offer someone is to NEVER use a Meta-owned system, ever.

Comment Irrevocable license per 17 USC 117 (Score 3, Informative) 78

The copyright statute of Slashdot's home country defines a "copy" as a physical object in which a work is embodied, such as a book, ROM cartridge, or optical disc. The statutory license associated with ownership of a copy of a computer program includes making intermediate copies "as an essential step" in the use of the program. Title 17, United States Code, section 117. Historically, console makers and game publishers have lacked power to revoke this license with respect to a particular copy of a game that isn't online-only. With the end of video game distribution on optical disc, this license becomes revocable, and that's the problem.

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Working...