I wonder if this was made by AI or a shit programmer
-
who'd have thought that being shitty programmer was incredibly susceptible to security flaws and deeply unsafe instead of javascript
No, it must be JavaScript that is the problem
principal_skinner.jpg.exe
-
No, it must be JavaScript that is the problem
principal_skinner.jpg.exe
Microsoft defender identified a malware in this executable.
-
Peak Vibe Coding results.
while True:
Jesus Christ
-
If I was a hacker, I would just get a job as a night cleaning person at corporate office buildings. And then just help myself to the fucking post-it notes with usernames and passwords on them.
-
As much as I dislike JavaScript, it isn't responsible for this. The person (or AI) and their stupidity is.
When i tried making a website with gemini cli it did deadass use string interpolation for sql queries so everything is possible
-
while True:
Jesus Christ
You know that's not the Tea code, but the downloader, right?
-
Sounds like a good case for brute forcing the filenames. Just do the proper thing and don't leave your cloud storage publicly accessible.
While proper security is better, you're not gonna brute force UUIDs.
-
This post did not contain any content.
Securing the db is more of an ops thing.
-
You know that's not the Tea code, but the downloader, right?
Other reports state the Tea backend was Vibe Coded: https://www.ainvest.com/news/tea-app-data-breach-exposes-72-000-users-ai-generated-code-security-lapse-2507/
-
Other reports state the Tea backend was Vibe Coded: https://www.ainvest.com/news/tea-app-data-breach-exposes-72-000-users-ai-generated-code-security-lapse-2507/
wrote on last edited by [email protected]Sure, it might be, I'm not saying it isn't. All I'm saying is: the screenshot shows the code someone wrote to download the images. It's not part of the Tea codebase.
-
This has been the case for 40+ years. Humans are almost always the weakest link.
we built this shit. thus we are always to blame.
-
Youβre no better off than if you did an internet search and tried to figure out whoβs giving good advice, or just fumbled your own way through the docs in the first place.
These have their own problems ime. Often the documentation (if it exists) won't tell you how to do something, or it's really buried, or inaccurate. Sometimes the person posting StackOverflow answers didn't actually try running their code, and it doesn't run without errors. There are a lot of situations where a LLM will somehow give you better answers than these options. It's inconsistent, and the reverse is true also, but the most efficient way to do it is to use all of these options situationally and as backups to each other.
wrote on last edited by [email protected]Yes, it can be useful in leading you to look in the right place for more information, or orienting you with the basics when you're working with a technology that's new to you. But I think it wastes my time as often as not.
-
Believe it or not a lot of hacking is more like this than you think.
Security by obscurity.
-
Microsoft defender identified a malware in this executable.
Wow. It actually identified something?
-
While proper security is better, you're not gonna brute force UUIDs.
As long as you're not rate limited, you absolutely could.
-
When i tried making a website with gemini cli it did deadass use string interpolation for sql queries so everything is possible
Robert'); DROP TABLE Students; --
-
As long as you're not rate limited, you absolutely could.
A UUID v4 has 122 bits of randomness. Do you know how long that would take to brute-force, especially with network limitations?
-
Yes, it can be useful in leading you to look in the right place for more information, or orienting you with the basics when you're working with a technology that's new to you. But I think it wastes my time as often as not.
That's implying that the quality of information from other sources is always better, but I'm saying that's sometimes not true; when you're trying to figure out the syntax for something, documentation and search engines have failed you, and the traditional next step would be to start contacting people or trying to find the answer in unfamiliar source code, sometimes a LLM can somehow just tell you the answer at that point and save the trouble. Of course you have to test that answer because more often than not it will just make up a fake one but that just takes a few seconds.
There are some situations I'm going back to search engines as a first option though, like error messages, LLMs seem to like to get tunnel vision on the literal topic of the error, while search results will show you an unintuitive solution to the same problem if it's a very common one.
-
As long as you're not rate limited, you absolutely could.
You cannot!
-
Sounds like a good case for brute forcing the filenames. Just do the proper thing and don't leave your cloud storage publicly accessible.
Can't be done.
