@GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.

@GossiTheDog what's funny to me, is that there were influencers on linkedin a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit its finding vulnerabilities, when its the one introducing them."

@GossiTheDog

@catsalad

@Viss good work, brother

@kallisti you're not alone.

@Viss yo, we sure these dudes are working in cybersecurity

@Viss FINALLY.

@hacks4pancakes I look into the building, see that it has burst into flames, and keep eyeing the exit door describes my current mood.

@SwiftOnSecurity

@SwiftOnSecurity I've seen it, its iconic, never show it to me again.

@hacks4pancakes I solve this problem by avoiding star trek, because I'm genuinely not smart enough for it.

aka the tor exit node problem, except now I'd get paid a few pennies to be an absolute bastard.

here's where I admit, I want to install it in a VM and SSL MITM all of that vm's traffic to see what they use it for.

took every fiber of my being to not respond to that ticket with the DR. Robotnik "IM SHITTING IN YOUR CHIMNEY" image.

well not in charge of communications most days

so, there is a program called honeygain that lets you sell your bandwidth in exchange for being a part of a residential proxy botnet. Like most stuff of this nature, if you find it running in an enterprise environment, it's probably not anything good that you want.

We have rules for it under PUP/Adware because its more than likely unwanted in any sort of an environment with anyone actively using Suricata, or ingesting its alerts. They e-mail us to let us know they're not happy about it.

To which if it were me, I would tell them to shove a retractable baton up their asses, but alas, I'm not in charge of communications.

@Viss "I let the bot control my phone and it opened my banking app and started a wire transfer."

isn't too far off. Some dude claims to have done this for an agent. That is, let the agent control an android phone via ADB bridge.

@Viss but the AI bros lapped that shit up, and predictably, got owned.

@Viss just like you, my first instincts on "let the agents who have traditionally have extremely poor security congregate and learn skills with absolutely no confirmation that the skills aren't malicious."

Every fiber of my being was shouting this is gonna be a shitshow.