Cybersecurity

5462 readers

137 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories (www.darkreading.com)

submitted 5 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

5 comments fedilink hide all child comments

top 5 comments

sorted by: hot top controversial new old

[–] higgsboson@dubvee.org 12 points 5 months ago (1 children)

As threatening as malicious LLMs might be, Kang says, "At the moment, this doesn't unlock new capabilities an expert human couldn't do. As such, I think it's important for organizations to apply security best practices to avoid getting hacked, as these AI agents start to be used in more malicious ways."

[–] milicent_bystandr@lemm.ee 18 points 5 months ago (1 children)

So the risk is the llm makes vulnerabilities more accessible to less-expert hackers, and able to be targeted more easily to more victims by more attackers.

[–] Player2@lemm.ee 9 points 5 months ago (1 children)

Security through obscurity is not something that should be relied upon anyway. This just necessitates fixes to be implemented faster.

[–] milicent_bystandr@lemm.ee 7 points 5 months ago (1 children)

Shouldn't rely on obscurity, but it still reduces the threat. Especially when you're talking the difference between a few targeted attacks and an imminent worldwide attack.

If every wannabe hacker had the resources of the state sponsored groups (I realise that's more extreme) a lot of our current and worthwhile security practice would be moot.

[–] ToyDork@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago)

Unfortunately, this is why we need Web³ ("NFT-based memberships" and login via crypto wallet) integration, even if it's incredibly inconvenient to re-learn online transactions and yes, even if "fintech" is a giant financial bubble that will probably burst with horrible economic consequences. Built-in, standardized FOSS encryption is now the only way forward aside from (possibly) PayPal.

What's worse is that this makes Windows and Mac OS untrustable. Linux fares better but would need to implement best practice as only practice.

Everything will need to be sandboxed like on smartphones now. Thanks a fucking lot, OpenAI.