What a shame that I no longer have access to my teenage-level conscience; I am salivating at the idea of going wild with this and the Copy Fail CVE.
The potential here to do all kinds of manipulation for search engines / AI tools is enormous. Perhaps the more scary thought is that someone could easily make an agent that would exploit both bugs to wipe out servers.
Good on these companies to publish their findings straight away as I'd imagine that both bugs would have fetched quite a lot on the black market.
> Good on these companies to publish their findings straight away as I'd imagine that both bugs would have fetched quite a lot on the black market.
You should read the other thread regarding Copy Fail and the Gentoo maintainer. I haven't seen so many unhinged and outright rude comments on a security topic since the good old days of Slashdot and the x vs. y controversy of the day.
I wonder what the reason behind so much hostility is. Is it Gentoo or the kernel folks or the fact that the company that found it used "AI"? No idea, but it was a weird read.
Especially weird when, from their description, they actually had an idea, ".splice()", and then just searched the possibilities of that, then identified the place, and only then used AI to build something. Which they likely could have done manually too...
> You should read the other thread regarding Copy Fail and the Gentoo maintainer
Do you have a link?
It's this one: https://news.ycombinator.com/item?id=47965108