galnagli commented on Critical RCE Vulnerabilities in React and Next.js   wiz.io/blog/critical-vuln... · Posted by u/gonepivoting
mmsc · 14 days ago
These wiz.io blog posts should be banned from HN; AFAICT, they're AI generated. Here's the original post with the details: https://react.dev/blog/2025/12/03/critical-security-vulnerab... - the vulnerability was not found by a Wiz employee at all, and the Wiz article (unlike the react.dev article) does not provide any meaningful technical information.

The important part to know:

- Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components.

- The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack

- Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.

galnagli · 14 days ago
Hey mmsc, first of all - the blogs are not AI Generated!

Second of all, the blog did add more information:

"In our experimentation, exploitation of this vulnerability had high fidelity, with a near 100% success rate and can be leveraged to a full remote code execution. The attack vector is unauthenticated and remote, requiring only a specially crafted HTTP request to the target server. It affects the default configuration of popular frameworks."

In the end - if it helped spread the news about this risk so teams can fix it faster, then this is our end-goal with these blog posts : )

galnagli commented on Accessing Max Verstappen's passport and PII through FIA bugs   ian.sh/fia... · Posted by u/galnagli
LorenDB · 2 months ago
Ian, it would be great to see an RSS feed on your website if you want to gain another regular reader :)
galnagli · 2 months ago
Ian is a great writer
galnagli commented on Critical vulnerability in AI coding platform Base44 allowing unauthorized access   wiz.io/blog/critical-vuln... · Posted by u/waldopat
waldopat · 5 months ago
I've got a question! I'd say what's happening with vibecoding is really an acceleration of "move fast and break things". Uber and Snapchat both had major security vulnerabilities, resulting in millions of user records leaked, in their heyday of the mid 2010s. And that was WITH whatever DevOps pipeline, code review or other best practices likely in place.

What's unique about Tea or Base44 (or Replit founder deleting his codebase) is A) the disregard for security best practices and B) the speed at which they both grew and exposed vulnerabilities.

So my question is, how do you see the balance of cybersecurity and AI as everything moves faster than ever before?

galnagli · 5 months ago
I see companies deploy and trust AI without really investing in security; it will be very easy in the near future to find simple, devastating bugs : )
galnagli commented on Exposed DeepSeek database leaking sensitive information, including chat history   wiz.io/blog/wiz-research-... · Posted by u/talhof8
galnagli · a year ago
Thank you everyone, this was responsibly disclosed to DeepSeek and published after the issue was remediated, we got acknowledgment from their team today on our contribution.
galnagli commented on Launch HN: Roame (YC S23) – Flight search engine for your credit card points    · Posted by u/zman0225
galnagli · a year ago
Seats.aero is better
galnagli commented on March 20 ChatGPT outage: Here’s what happened   openai.com/blog/march-20-... · Posted by u/zerojames
galnagli · 3 years ago
Well - they have had more bugs and will have more bugs to worry about.

https://twitter.com/naglinagli/status/1639343866313601024

galnagli commented on     · Posted by u/galnagli
galnagli · 3 years ago
A Web Cache Deception issue led OpenAI's ChatGPT to suffer an account takeover vulnerability; although they don't run an official Bug Bounty program, they were quick to respond and fix the matter.

u/galnagli

Karma: 246 · Cake day: March 24, 2023