miniblog.

← Back to all posts
Aug 22, 2023 at 00:24
Be careful evaluating code from LLM based tools, as there are several avenues for malicious users to inject output:
GitHub - greshake/llm-security: New ways of breaking app-integrated LLMs
GitHub - greshake/llm-security: New ways of breaking app-integrated LLMs
New ways of breaking app-integrated LLMs . Contribute to greshake/llm-security development by creating an account on GitHub.

Related Posts

Jun 11, 2023 at 18:14
A new class of typosquatting attacks for malicious packages: register package names that are hallucinated by ChatGPT: https://vulcan.io/blog/ai-hallucinations-package-risk (h/t @rauschma)
May 24, 2020 at 16:53
Malicious ads discussion on TV Tropes https://tvtropes.org/pmwiki/posts.php?discussion=13223684920A10189100 discusses the importance of antivirus software. I suspect that having an up-to-date browser is more important these days? It's probably the most attacked software by far.
Advertising and Computer Security Issues on TV Tropes - TV Tropes Forum
Advertising and Computer Security Issues on TV Tropes - TV Tropes Forum
Nov 2, 2019 at 13:01
How do you prevent "trusting trust" attacks with malicious compilers? You don't need a trusted production-grade compiler. It's sufficient to have a really limited trusted compiler or even an untrusted compiler provided the triggers don't overlap.
Countering "Trusting Trust" - Schneier on Security
Way back in 1974, Paul Karger and Roger Schell discovered a devastating attack against computer systems. Ken Thompson described it in his classic 1984 speech, “Reflections on Trusting Trust.” Basically, an attacker changes a compiler binary to produce malicious versions of some programs, INCLUDING ITSELF. Once this is done, the attack perpetuates, essentially undetectably. Thompson demonstrated the attack in a devastating way: he subverted a compiler of an experimental victim, allowing Thompson to log in as root without using a password. The victim never noticed the attack, even when they disassembled the binaries—the compiler rigged the disassembler, too...