Readit News logoReadit News
david_shaw commented on With AI chatbots, Big Tech is moving fast and breaking people   arstechnica.com/informati... · Posted by u/rntn
david_shaw · 5 days ago
I love playing with advancing technologies, and although I don't think LLM/Agentic AI is quite ready to change the world, one day soon it might be -- but the volume of individuals falling into AI-induced psychosis is astounding and horrifying.

For those of you who, thankfully, don't have personal experience, it generally goes like this: reasonable-ish individual starts using AI and, in turn, their AI either develops or is prompt-instructed to have certain personality traits. LLMs are pretty good at this.

Once the "personality" develops, the model reinforces ideas that the user puts forth. These can range from emotional (such as the subreddit /r/MyBoyfriendIsAI) to scientific conspiracies ("yes, you've made a groundbreaking discovery!").

It's easy to shrug these instances off as unimportant or rare, but I've personally witnessed a handful of people diving off the deep-end, so to speak. Safety is important, and it's something many companies are failing to adequately address.

It'll be interesting to see where this leads over the next year or so, as the technology -- or at least quality of models -- continues to improve.

david_shaw commented on Cybersecurity Is Full (2024)   cyberisfull.com/... · Posted by u/1970-01-01
david_shaw · 6 months ago
This is interesting, and not the first time I've seen this sentiment.

I don't take immediate issue with the points made here, but I think the conclusion is not entirely correct. Security isn't full, it's just harder and more competitive than people think.

I'll explain: because of the hype described here, many, many people decided that security would be a great way to make a living. They were told that there was a severe need for security professionals, and that there would be high-paying jobs just waiting for them to apply.

So these people studied security in school, maybe took the Security+ or CEH certs, and applied for jobs. Those that got jobs got laid off (again, mentioned in the article) when times got tough, or never got a job in the first place. Why?

Security is a field of people who love what they do. Go to DEF CON -- or even better, small, regional infosec conferences -- and you'll find people who are extremely talented... some of whom don't even work in the industry. For people like this, there is a talent shortage.

I've been consistently hiring security people for the last 15 years. There is absolutely a talent shortage at high levels of the industry -- but it's really hard to get to that level. Learning the OWASP Top 10 and a few nmap flags isn't going to cut it.

My experience may not be universal, but this is what I've seen over the course of a lifetime in infosec.

david_shaw commented on I created an open-source Hardware Hacking Wiki – with tutorials for beginners   hardbreak.wiki... · Posted by u/hw-f3nter
david_shaw · 8 months ago
This is great.

I've always been on the application security side of things, but I'm increasingly interested in hardware hacking. Through some cursory research, I learned that there are a few scattered resources, but the best way to learn is to really work with someone who knows what they're doing.

Putting all these guides, roadmaps, etc. together in a single place is a great resource that I'll definitely use.

Thank you!

david_shaw commented on FCC proposes cybersecurity labeling program for smart devices   fcc.gov/cybersecurity-cer... · Posted by u/david_shaw
mdaniel · 8 months ago
Discussed: https://news.ycombinator.com/item?id=42636675
david_shaw · 8 months ago
I missed this discussion; thanks for linking it!
Posted by u/david_shaw 8 months ago
FCC proposes cybersecurity labeling program for smart devicesfcc.gov/cybersecurity-cer...
david_shaw commented on Stopping by Woods on a Snowy Evening (1923)   poets.org/poem/stopping-w... · Posted by u/keepamovin
david_shaw · 8 months ago
This is one of my favorite poems -- perhaps because it was my first in-depth exposure to poetry.

In high school, I was assigned a poetry explication: it was a combination of poetic analysis and public speaking (I had to deliver my work to the class), and it was a major part of my grade.

I chose this poem because it was one of the few poems I'd ever read.

I'd never spent much time with poetry, but the hours I dedicated to really thinking about (and feeling) this poem made a lasting impact. I don't remember the grade I got, but the assignment absolutely kindled my lifelong love of poetry.

I spend more time on translations of older Chinese poetry these days (I highly recommend Red Pine's translation of Wei Ying-wu's In Such Hard Times), but I'll always remember Stopping by Woods on a Snowy Evening.

Posted by u/david_shaw a year ago
NSA, FBI, CISA, and Allies Issue Advisory about Russian Military Cyber Actorsnsa.gov/Press-Room/Press-...

Deleted Comment

Posted by u/david_shaw a year ago
OpenAI Security Slack Botsgithub.com/openai/openai-...
david_shaw commented on Tell HN: Microsoft.com added 192.168.1.1 to their DNS record    · Posted by u/indosauros
_nickwhite · 2 years ago
An entry-level admin is now unemployed, just before the holidays.
david_shaw · 2 years ago
> An entry-level admin is now unemployed, just before the holidays.

I highly doubt that entry-level admins at Microsoft have access to DNS for their primary domain. My guess is that this incident is a lot more interesting than that.

d

u/david_shaw

KarmaCake day2877September 25, 2010
About
I do security.

I've led penetration testing "red teams," software development teams, and enterprise security "blue teams."

I currently serve as the CISO of a publicly-traded software company.

Please feel free to get in touch. I'm always happy to chat.

  o https://dshaw.net

  o E-Mail: dshaw
             a t
            dshaw.net

View Original