this post was submitted on 19 Jan 2026
9 points (90.9% liked)

TechTakes


Want to wade into the snowy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid.

Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned so many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

[–] rook@awful.systems 6 points 13 hours ago (2 children)

So, there’s a kind of security investigation called “dorking”, where you use handy public search tools to find particularly careless software misconfigurations that get indexed by eg. google. One tool for that sort of searching is github code search.

Turns out that a) claude chat logs get automatically saved to a file under .claude/logs and b) quite a lot of people don’t actually check what they’re adding to source control, and you can actually search github for that sort of thing with a path: code search query (though you probably need to be signed in to github first, it isn’t completely open).

I didn’t find anything even remotely interesting (and watching people’s private project manager fantasy roleplay isn’t something I enjoy), but viss says they’ve found credentials, which is fun.

https://mastodon.social/@Viss/115923109466960526
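
Added example, not part of the thread or anyone's post in it: a self-audit for the mistake described above, listing files under a `.claude` directory that git actually tracks and flagging lines that look like credentials. The function names, the three patterns and the sample data are assumptions made for illustration; the patterns are not an exhaustive secret scanner.

```python
import os
import re
import subprocess

# Illustrative patterns only (assumption: a real scanner covers far more formats).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
}

def is_assistant_log(path):
    """True if any directory component of a repo-relative path is `.claude`."""
    return ".claude" in path.replace("\\", "/").split("/")[:-1]

def scan_text(text):
    """Return (line_number, pattern_name) for every line that looks like a secret."""
    return [
        (n, name)
        for n, line in enumerate(text.splitlines(), 1)
        for name, rx in SECRET_PATTERNS.items()
        if rx.search(line)
    ]

def audit(tracked):
    """tracked: {repo-relative path: file text}. Report only files under .claude."""
    return {p: scan_text(t) for p, t in tracked.items() if is_assistant_log(p)}

def tracked_files(repo="."):
    """Read what git tracks (the index), which is what gets pushed and indexed."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True).stdout
    files = {}
    for p in filter(is_assistant_log, out.decode("utf-8", "replace").split("\0")):
        with open(os.path.join(repo, p), errors="replace") as fh:
            files[p] = fh.read()
    return files

# Constructed sample standing in for a repository; the key is AWS's documentation example.
SAMPLE = {
    "src/app.py": "print('hello')\n",
    ".claude/logs/session-01.jsonl": '{"text":"use AKIAIOSFODNN7EXAMPLE"}\n{"text":"hi"}\n',
    "tools/.claude/logs/chat.txt": "db password = hunter2hunter2\n",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():  # swap SAMPLE for tracked_files(".")
        print(path, hits)
```

Any path it reports is already in the index, so an ignore rule added afterwards will not untrack it; `git rm --cached` does. A credential that has been pushed should be rotated rather than just deleted from the repository.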

[–] froztbyte@awful.systems 7 points 11 hours ago

git commit -am yeet is such a rich pasture

[–] V0ldek@awful.systems 7 points 13 hours ago (2 children)

but viss says they’ve found credentials, which is fun.

wait, doesn't that imply that people are raw-dogging their creds into the chatbot window

[–] Soyweiser@awful.systems 2 points 6 hours ago* (last edited 6 hours ago) (1 children)

If you only knew how bad things are.

'but legally they are not allowed to use our data for training' I have heard people say, 'don't worry the FDA (or well some equivalent) is very strict on this'.

[–] V0ldek@awful.systems 3 points 1 hour ago

That's somehow even dumber because it means they are actually aware of the risk but they lack the second braincell required to push it to the correct conclusion

[–] BurgersMcSlopshot@awful.systems 6 points 12 hours ago* (last edited 10 hours ago) (2 children)

Is this the first time you're hearing about that particular method of credential redistribution? People are putting all sorts of personal information and secrets into a chatbot conversation and any security advancements made by changing user sentiment have been one-shotted. It's a big problem that's just added onto the pile of other big problems and the sign by that pile that reads, "don't worry about it" just spontaneously caught fire.

Edit: adding this from Watchtowr as a prior example of extremely credulous user behavior that will certainly not inspire confidence, for which I am sorry.

[–] V0ldek@awful.systems 6 points 7 hours ago* (last edited 7 hours ago) (1 children)

Is this the first time you’re hearing about that particular method of credential redistribution?

"Is this the first time you're hearing about that particular method of sharing lewd imagery" he says about a man running butt-naked directly into the town square and screaming LOOK AT ME I AM BUTT-NAKED

Ye unfortunately it is. I mean it's obvious in hindsight someone would be this stupid, but jesus fucking christ

Post your credit card details to the blockchain while you're at it

Edit: read the Watchtowr post, jfc that's even fucking dumber, they explicitly fucking convert it to a saved URL?! My dudes. That's two galaxies and a nebula beyond "I accidentally 'git commit -am'med it"

[–] BurgersMcSlopshot@awful.systems 1 points 52 minutes ago

The Watchtowr thing is totally "wallet inspectee in search of a wallet inspector" level of dumb.

One of the infosec folks I follow would post CVEs and the ones that were against AI or MCP systems were always this kind of thing. It's crazy because I don't think many other people express distrust about AI systems that are used for gatekeeping but I cannot trust them because waves hand at the everything.

[–] rook@awful.systems 2 points 10 hours ago

Ahh, i knew there was a recent catastrophe involving people handing credentials and confidential information to third parties without a single thought or qualm, but couldn’t for the life of me remember what it was. Thanks!