new | ask | show | jobs
mrandish a day ago  [ - ]

This quote from TFA is highly likely to be a conflation, exaggeration or extrapolation of what actually happened:

> "On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”"

Why:

1. It's a paraphrase of a 2nd hand conversation and (at least) the last two 'telephone game' recipients are a U.S. Senator and a general, not security domain or IT experts. 2. Motivated communication: The Senator claimed this to justify the necessity of unprecedented restrictions that he agrees with. 3. The original testimony to the Intelligence Committee was almost certainly detailed, nuanced and highly classified, making this an extreme paraphrase.

In saying this, I'm not claiming Mythos may not be a security issue or that something directionally like this wasn't reported. But given the indirect, circuitous path, it's quite easy to imagine the original testimony was more like "Mythos identified a potential vulnerability we rated "Severe" in a critical system and we believe it could find similar vulnerabilities in any of our systems."

HillRat 12 hours ago  [ - ]

The journalist later admitted that he failed to provide the appropriate context and nuance, which comes down to "red team pen-testers who already had high-side network access were able to more quickly and effectively compromise systems when they were using Mythos as part of their workflow," which is a pretty crucial distinction to make between that and the spectre of Skynet that the article raises.

hnburnsy 7 hours ago  [ - ]

JFC thats is not even remotely close.

hnburnsy 6 hours ago  [ - ]

Here is the update from The Economist...

>An update. A US official tells me that Sen. Warner misunderstood the NSA director Gen. Rudd in this case. Rudd did use the 'hours, not weeks' wording, but the use of Mythos in this context was—as widely assumed—part of a red-teaming effort, i.e. testing the security of internal networks

https://x.com/shashj/status/2069078104941961293?s=20

dostick a day ago  [ - ]

Why not use Mythos to hack them and see what the report was

zombot 14 hours ago  [ - ]

When you get your hands on it, let me know.