What’s up with all these vulnerabilities?
Kind of worried to be honest, two in like a week? Pretty scary.
I’m very dumb about Linux technical stuff but I feel like root access is way too easy to be accessed.
Is there any way to make it harder? I mean let’s say similar to Android, you need to unlock the boot loader first, flash a recovery and flash Magisk or something, that’s a good layer before root access.
At least for Linux Desktop, maybe make it so we can get root access only via a bootable USB with a correct password? Just for sporadic system changes.
Is there anything like that?
It’s a positive thing, don’t be worried.
These vulns already existed. It’s possible the bad guys were already using them. This gets them out in the open and on their way to being resolved.
Just keep patches up to date with any modern and maintained distro and you’ll be grand.
With AI enabled bug hunting, you’re likely to see a blitz of vulnerabilities, followed by a significant reduction in vulnerabilities.
Yes, malicious folks are usin em – heck, Kali’s had AI integrations for a while on a bunch of its tools even, for pen testing. But devs writing code get em too, and those are the people we need to see using these sorts of workflows as it lets them clip a bunch of zero days.
I think Mozilla, as an example, had a recent patch that cleaned up something like 271 zero days? Anthropic taking their Mythos stuff to banks/govt was largely just a publicity thing to try and shut people up who were mocking Claude’s code, but also potentially because it’d found govt-placed backdoors that they wanted the gov to know were about to be exposed / patched. The USA’s alleged ability to “shut off” tech assets during raids in Venezuela and Iran, gets trickier if AI is exposing their back doors. Likely also why the US Administration is now saying they want to review AIs before they get released. Mythos definitely isn’t the only game in town for this sort of stuff – but the general idea that the dev teams will be shifting to using these tools for QA / writing more secure apps in the near future, is fairly valid. So I wouldn’t go too tinfoil hat-y on that front… though it is a period where we’ll see a need to patch aggressively, and to double check security configs etc.
This exploit appears to be inspired by the copy fail.
Should you be worried? Nah, you should not be installing untrusted software on your device. This isn’t even the type of exploit that scares me. Your device has to already be compromised for this exploit to succeed.
Supply chain attacks are what scare me.
As a former OS security pro, this is the right answer. Not because of the exploit itself, but because young (unmentored) coders readily trust some really bad patterns of pulling in random junk from the web and running it. THIS is how the LPE becomes essentially an RCE-level problem.