Comment Re:Parent's phone gets dialog to approve .... (Score 4, Informative) 89
Submission + - Fundamental architectural flaw in cryptographic trust
“Attested TLS: the handshake that can't prove who's on the other end”
“Muhammad Usama Sardar, a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not.”
Comment Re:Does a bear do something in the woods? (Score 1) 81
The ONLY problem is that not everyone else has done so yet. Government shouldn't be allowed to tax income and profit.
Comment Re:Is the main actress "barely legal" (Score 1) 172
Again, you were either eleven or you were living under a rock if you hadn't heard of the Transformers. Cuz if you had heard of it, you'd have known it was for kids and adolescents, and the female actress was there to keep the dads interested.
Comment Power infrastructure (Score 3, Funny) 192
And that's exactly why we need to build more power infrastructure, particularly nuclear, and hand it all over to AI companies for free.
Comment If the true problem was phone number privacy (Score 1) 30
then the solution is a number consisting of octal digits.
Comment I'm going to reserve "Dan Sullivan" (Score 1) 30
said both Dan Sullivans.
Submission + - AI Agent Executes 'First' End-To-End Ransomware Attack (theregister.com)
JadePuffer’s “self-narrating” payloads “contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don’t often write but LLM-generated code produces reflexively,” Clark added. “The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials “with explicit coverage of Chinese providers” including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.
The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker’s infrastructure every 30 minutes. JadePuffer’s intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we’re told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider’s microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn’t know how the attacker obtained them. These credentials weren’t stolen from the victim’s environment.
JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can’t recover the encrypted data, even if they paid the ransom demand, because the agent escalated “from row-level deletion to dropping entire database schemas, narrating its own targeting rationale,” without backing up any of the encrypted data.
Comment Re:"That trick never works." (Score 3, Interesting) 30
My Facebook account was assassinated a few years back for posting "#NEVERAGAIN" and a link to the British Holocaust Memorial Day Trust on May 6. Reason eventually given: the link to a HOLOCAUST REMEMBRANCE PAGE was supposedly "glorifying violent individuals or organizations."
That's right. Nazi Trash Filth Zuckerberg decided that saying "#NEVERAGAIN" about the Holocaust was somehow "glorifying" violent individuals or organizations...
Comment Re:Ya know... (Score 4, Informative) 30
Comment Re:Ya know... (Score 3) 30
Comment Re:Is the main actress "barely legal" (Score 1) 172
OK, so explain how you had supposedly never heard of the Transformers? They've been around since 1984.
Comment Irrevocable license per 17 USC 117 (Score 3, Informative) 78
The copyright statute of Slashdot's home country defines a "copy" as a physical object in which a work is embodied, such as a book, ROM cartridge, or optical disc. The statutory license associated with ownership of a copy of a computer program includes making intermediate copies "as an essential step" in the use of the program. Title 17, United States Code, section 117. Historically, console makers and game publishers have lacked power to revoke this license with respect to a particular copy of a game that isn't online-only. With the end of video game distribution on optical disc, this license becomes revocable, and that's the problem.
Comment Re: Obligatory religious joke (Score 1) 59
Paywalled!!l
Sorry, didn't see the paywall, script blocker blocked it.
Search for the phrase "Then they reached down to grab a handful of dirt to begin to form a man" and you will find many sites with this joke. At least one of them should be without a paywall.