kennwhite

@kennwhite@mastodon.social

cryptography • neuro • cloud • biscuits
ORD-DCA-NYC-BCN ✈️


kennwhite, to random

Today will be the day he gets that squirrel. He can just feel it.

kennwhite, to random

Hello my old arch nemesis. Let the games begin.

kennwhite,

Well it's not a—
Sure go wild.

kennwhite,

::reboots 3 times::
::desktop appears::

Me: Cool. Hi, I'd like to install this hello world Node.js script.

Node: Sure, just need to add one dependency.

Me: okey dokey

Node: And this build library.

Me: sure.

Node: Which requires this Python module.

Me: um…

Node: And of course this other Windows specific pkg installer

Me: I— wait, WTF is "chocolatey"??

Node: —which requires VS2017.

Me: No, I—

Node: Fatal: Exiting chocolatey abnormally. Please manually clean up anything not finished.

kennwhite, to random

Wow is the competition stiff this year for Black Hat USA. Some really solid research headed to the main stage in August.

kennwhite,

@azonenberg that's the heartbreaking part of being on the review board — there's just not enough slots to accommodate all the excellent submissions.

kennwhite,

First round of accepted BH talks are out. Super excited to see these!

https://www.blackhat.com/us-24/briefings/schedule/

kennwhite, to random

Good morning California.

kennwhite, to random

Nice to meet you, Vanuatu.

kennwhite, to random

It's that time of year reviewing security conference submissions where the proposals range from: "I literally cannot provide a single coherent sentence about what the hell my talk is about." to: "I've been quietly working in solitude for 2 years and can now demonstrate full cross-customer pwn on [insert major cloud platform]. With zero logging or detection."

kennwhite, to random

Nice sunset in Melbourne.

kennwhite, to random

Good morning Sydney.

kennwhite,

@kcarruthers just passing through for a few days

kennwhite, to random

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (email at iie.ac.cn verified)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!


kennwhite,

TL;DR: The most popular chat-assisted app frameworks aren't even doing basic process sandboxing or sane file/network isolation. We are still very much in the early infancy of security maturity with current gen LLMs.

kennwhite, (edited)

@loke yes. I'm on the BH Asia review board and here for the rest of the conference.

kennwhite,

Tong's Google Scholar for related work: https://scholar.google.com/citations?hl=en&user=egWPi_IAAAAJ

kennwhite, to random

Good morning Singapore.

kennwhite, to random

Someone is really enjoying the warm spring day.

mekkaokereke, to random
@mekkaokereke@hachyderm.io

Still relevant:

https://hachyderm.io/@mekkaokereke/111502639878997581

News is such a confused industry. In order for it to be successful, it needs the majority of people to find value in the news that it produces. Most people are not old, wealthy, straight, white, men, but most news stories are framed from that perspective, even when the framing is false and easily debunkable.

Most news rooms don't look anything close to the people that they need to buy their papers to have a sustainable business.

Failure is inevitable.

kennwhite,

@mekkaokereke I appreciate you, Mekka.

kennwhite, to random

I forgot to post this - here's some little friends we met last week at the beach.

three dogs on the beach under umbrella shade, a beagle mix, a brindle-striped adult, and a Jack Russell mix

kennwhite, to random

Spent some time relaxing with the family near São Paulo for the last week. It was very peaceful.

[alt: beach in southeast Brazil at dawn & sunset]

kennwhite, to random

Great story by @zackwhittaker and nice research by @chick3nman. PSA: don't use deterministic hashing/encryption schemes to hide sensitive data on low-cardinality fields.

Shorter version: don't try to protect critical national infrastructure without consulting a cryptography engineer.

https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/
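To illustrate the PSA above, here is an added example (not from the post or the linked article) of why an unkeyed, deterministic hash on a 4-digit passcode is effectively plaintext, and how a keyed scheme changes that. The `keyed_hex` construction (HMAC-SHA256 under a secret key with a per-record salt) is a hypothetical hardening chosen for the demo, not the scheme any vendor uses; the customer rows are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional

# Every possible 4-digit passcode: a search space of only 10^4 values.
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]

def sha256_hex(pin: str) -> str:
    """Unkeyed, unsalted SHA-256: the same PIN always yields the same digest."""
    return hashlib.sha256(pin.encode()).hexdigest()

def keyed_hex(key: bytes, salt: bytes, pin: str) -> str:
    """Hypothetical hardening: HMAC-SHA256 under a secret key plus a per-record salt.
    The salt hides equality between records; the key makes table-building
    impossible for anyone who only has the database."""
    return hmac.new(key, salt + pin.encode(), hashlib.sha256).hexdigest()

def build_lookup(digest_fn: Callable[[str], str]) -> Dict[str, str]:
    """Precompute digest -> PIN over the whole space. 10^4 SHA-256 calls take
    milliseconds, so an unkeyed digest of a low-cardinality field hides nothing."""
    return {digest_fn(pin): pin for pin in PIN_SPACE}

def recover(digest: str, table: Dict[str, str]) -> Optional[str]:
    return table.get(digest)

def equal_pin_groups(rows: Dict[str, str]) -> Dict[str, list]:
    """Deterministic digests also leak equality: rows sharing a digest share a PIN,
    so learning one row's PIN reveals every row in its group."""
    groups: Dict[str, list] = {}
    for customer, digest in rows.items():
        groups.setdefault(digest, []).append(customer)
    return {d: c for d, c in groups.items() if len(c) > 1}

def demo() -> dict:
    # Constructed "leaked" rows: customer -> stored passcode digest.
    rows = {"cust-a": sha256_hex("4217"), "cust-b": sha256_hex("1234"),
            "cust-c": sha256_hex("4217")}
    table = build_lookup(sha256_hex)
    server_key = secrets.token_bytes(32)    # kept in a KMS/HSM, never in the table
    salt = secrets.token_bytes(16)          # stored with the row, so it is known
    keyed_stored = keyed_hex(server_key, salt, "4217")
    attacker_key = secrets.token_bytes(32)  # without the real key, any guess is wrong
    wrong_table = build_lookup(lambda p: keyed_hex(attacker_key, salt, p))
    return {
        "unkeyed_recovered": {c: recover(d, table) for c, d in rows.items()},
        "shared_pin_groups": equal_pin_groups(rows),
        "keyed_recovered_without_key": recover(keyed_stored, wrong_table),
    }
```

Salting or a slow KDF alone only multiplies a 10^4 search by a constant, which is why the fix for low-cardinality fields is a secret key (or randomized encryption), not just a better hash.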
