Autor tomek@vz (Post 3827650)

> Techspot

Autor mkey (Post 3827799)

PA ima na jobito onaj frajer koji maltretira Indijske scammere. Pred već barem pola godine je bio složio svoj garažni call centar gdje ti njegovi "AI" botovi dovode indijce do ludila i to uživo. Ne znam koliko je roknuo u hardware, ali mislim da je imao istovremeno 12 linija koje roštaju cijeli dan. Kit Boga, kako li se zove.

Autor Bono (Post 3828317)

EY Data Leak - Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azure

A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure.

The file's naming convention screamed SQL Server backup (.BAK format), which typically contains full database dumps, including schemas, user data, and, crucially, embedded secrets such as API keys, credentials, and authentication tokens.

A simple HEAD request designed by researchers to retrieve metadata without downloading content revealed a massive size: 4 terabytes of data, which is equivalent to millions of documents or the contents of an entire library.

https://cybersecuritynews.com/ey-data-leak/

Sent from my SM-S931B using Tapatalk

NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.

"This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.

Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.

Autor OuttaControl (Post 3828680)

https://www.instagram.com/reel/DPHFw...YybGJsdTRsYg==

TLDR
Auto skuplja podatke o voznji, GM ih prodaje data brokeru, data broker ih prodaje osiguranju.
U ovom slucaju covjeku je skocila cijena osiguranja 80% zato jer je imao puno "near crash events at night" crash events at night su bile njegove macke koje izlete pred auto svaku večer jer je dosao kuci. Inace prate kad vozis, koliko vozis, kako vozis, gdje vozis, kako kocis, kako ubrzavas itd. itd.
GM kaze sve pise u terms and conditions :)

Poanta je i kako je on kaznjen, za krive podatke i netocne informacije, tako da nam sljeduje i gore sa AI radnicima, al korporacije nije briga, njima je to profit :)

Autor OuttaControl (Post 3828680)

https://www.instagram.com/reel/DPHFw...YybGJsdTRsYg==

TLDR
Auto skuplja podatke o voznji, GM ih prodaje data brokeru, data broker ih prodaje osiguranju.
U ovom slucaju covjeku je skocila cijena osiguranja 80% zato jer je imao puno "near crash events at night" crash events at night su bile njegove macke koje izlete pred auto svaku večer jer je dosao kuci. Inace prate kad vozis, koliko vozis, kako vozis, gdje vozis, kako kocis, kako ubrzavas itd. itd.
GM kaze sve pise u terms and conditions :)

Poanta je i kako je on kaznjen, za krive podatke i netocne informacije, tako da nam sljeduje i gore sa AI radnicima, al korporacije nije briga, njima je to profit :)

Autor Libertus (Post 3828734)

Upitno da li je istina ili nije, ali svejedno dobar primjer za ove koji "nemaju što skrivati" pa im je svejedno da li im država snima i skenira sve poruke koje primaju i šalju.

Autor Bono (Post 3828739)

A nemojte misliti da je kod nas isto zdravstvo zagarantirano, moglo bi i kod nas biti kao u americi. I kod nas je vec bilo, ako osiguranje sazna da imas rak ne zeli te osigurati, pa sad ti zamisli koliko su im vrijedni ti podaci.

The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after... He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again... [H]e decided to disassemble the thing to determine what killed it and to see if he could get it working again... [He discovered] a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware. From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data. First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home. This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers. Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life.