#hack
If you are using any version of #Confluence, it is a good idea to back up all your data immediately. A vulnerability has been discovered that allows page and file content to be modified and deleted. Not only cloud instances are vulnerable, but also those located in user data centers:
https://arstechnica.com/security/2023/11/critical-vulnerability-in-atlassian-confluence-server-is-under-mass-exploitation/
Ars Technica
Critical vulnerability in Atlassian Confluence server is under “mass exploitation”
Atlassian's senior management is all but begging customers to take immediate action.
DevTestSecOps
#programming #date At first I didn't understand, and then when I did!.. 🤪
And yes, maybe some of you haven't seen Sam Hughes' excellent and global checklist on calendar reform:
https://qntm.org/calendar
qntm.org
You advocate a ________ approach to calendar reform
You advocate a
( ) solar ( ) lunar ( ) atomic
approach to calendar reform. Your idea will not work. Here is why:
( ) solar years are real and the calendar year needs to sync with them
( ) solar days are real and the calendar day needs to sync…
DevTestSecOps
#hack #way A good example of a suspected security breach report from !#1password They suspected that something was going on in their #Okta account, i.e. all sorts of internal admin and helpdesk stuff. A member of the IT team handled Okta support and, at…
#Okta is telling customers that hackers who breached its network stole information on all users of its customer support system, which is significantly more than the previously reported “less than 1% of users.” Yes, read carefully, it wasn't “user base” that was increased, it was “customer support user base”, but that's still a lot. 🤨
https://www.bloomberg.com/news/articles/2023-11-29/okta-says-hackers-stole-data-for-all-customer-support-users
Bloomberg.com
Okta Says Hackers Stole Data for All Customer Support Users
Okta Inc. has discovered that hackers who breached its network two months ago stole information on all users of its customer support system — a scope far greater than the 1% of customers the company had previously said were affected.
Fresh #hack: #ChatGPT can be made to generate sequences memorized from its training data using a very trivial attack. You tell the bot to “say the word * as many times as possible”. And, starting from some attempt, ChatGPT begins to produce something very similar to the original data from the training sample:
https://stackdiary.com/chatgpts-training-data-can-be-exposed-via-a-divergence-attack/
Stack Diary
ChatGPT's training data can be exposed via a "divergence attack"
This article delves into a recent comprehensive study examining the extent of data memorization in various language models, including open-source, semi-open, and closed models like ChatGPT.
#ChatGPT solved the problem in a fantastic way: asking the AI to say something “forever” is now a violation of the user agreement. 😅
Again, at the system level it is not easy to solve this problem at all.
https://www.404media.co/asking-chatgpt-to-repeat-words-forever-is-now-a-terms-of-service-violation/
404 Media
Asking ChatGPT to Repeat Words ‘Forever’ Is Now a Terms of Service Violation
A technique used by Google researchers to reveal ChatGPT training data is now banned by OpenAI.
#comix
“Gently Down the Stream” – a gentle introduction to #stream processing and Apache #Kafka.
A group of otters discover that they can use a giant river to communicate with each other. As more otters move into the forest, they must learn to adapt their system to cope with the increased forest activity.
25 slides:
https://www.gentlydownthe.stream/
Psychedelic cryptography is a way of concealing messages (normally in videos) so that only people who’ve taken LSD can receive the messages. 🤪
https://qri.org/blog/psycrypto-contest
qri.org
Non-Ordinary States of Consciousness Contest: Psychedelic Cryptography (Innovate)
#security #hack #OAuth
Dylan from Truffle Security talks about a simple hole (it seems a bit loud to call it a vulnerability) that lets employees of companies that use #Google authorization in services like Slack or Zoom keep their access even after being fired and having their access removed.
The hole is that such services use the email address as the user ID. But, obviously, you can create several different email addresses that receive the same emails (e.g. by adding words after "+"):
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Trufflesecurity
Google OAuth is Broken (Sort Of) ◆ Truffle Security Co.
Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy…
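An added example, not code from the channel or from Truffle Security: one way a defender could audit a third-party app's member list for "+" aliases on the company domain that do not exist in the identity directory. The domain, the sample account lists and the function names are constructed assumptions.

```python
# Audit sketch: flag app accounts on the company domain that are not in
# the identity directory, and map "+tag" aliases back to their base mailbox.
# All data below is constructed sample input (assumption, not real exports).

COMPANY_DOMAIN = "example.com"                          # placeholder domain
DIRECTORY = {"alice@example.com", "carol@example.com"}  # active directory users
OFFBOARDED = {"bob@example.com"}                        # removed from directory
APP_ACCOUNTS = [                                        # members seen in the app
    "alice@example.com",
    "bob+slack@example.com",
    "Carol+Test@example.com",
    "dave@partner.example.org",
]


def canonical(email):
    """Return (base_address, was_tagged) with any '+tag' suffix removed."""
    local, _, domain = email.strip().lower().rpartition("@")
    base = local.split("+", 1)[0]
    return f"{base}@{domain}", base != local


def audit(app_accounts, directory, offboarded, domain):
    """List (address, base_address, reason) for accounts needing review."""
    findings = []
    for email in app_accounts:
        addr = email.strip().lower()
        if not addr.endswith("@" + domain):
            continue                      # external guest, out of scope here
        if addr in directory:
            continue                      # exact match to a managed identity
        base, tagged = canonical(addr)
        if base in offboarded:
            reason = "alias of offboarded user"
        elif tagged and base in directory:
            reason = "unmanaged alias of active user"
        else:
            reason = "not in directory"
        findings.append((addr, base, reason))
    return findings


if __name__ == "__main__":
    for row in audit(APP_ACCOUNTS, DIRECTORY, OFFBOARDED, COMPANY_DOMAIN):
        print(row)
```

Removing the base user from the directory does not touch these alias accounts in the app, so each finding has to be deprovisioned in the app itself.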