No. I already found three examples, cited sources and results. The "burden of proof" doesn't extend to repeatedly doing more and more work for every naysayer. Yours is a bad faith comment.
The reality is that most people's thoughts on bug bounties are from salacious headlines talking about those $1M vulnerabilities. In reality the average bug bounty submission is a machine translated report for a low severity issue in a web app that may or may not even exist (or be a vulnerability), sprayed at hundreds of companies (or the same company a hundred times) in the hopes of earning $500 to basically do currency manipulation.
Nice. This is a great start. The next steps are backups and regular security updates. The former is probably pretty easy with Claude and a provider like Backblaze; for updates I wonder if "check for security issues with my software and update anything in need" will work well (and most importantly, how consistently). Alternatively, getting the AI to threat model and perform any Docker hardening measures.
Then someday we self-host the AI itself, and it all comes together.
My security update system is straightforward but it took quite a lot of thought to get here.
My self-hosted things all run as Docker containers inside Alpine VMs running on top of Proxmox. Services are defined with Docker Compose. One of those things is a Forgejo git server along with a runner in a separate VM. I have a single command that will deploy everything along with a Forgejo action that invokes that command on a push to main.
I then have Renovate running periodically set to auto-merge patch-level updates and tag updates.
Thus, Renovate keeps me up to date and git keeps everyone honest.
In most red team contexts, the implants don't talk directly to the actual C2 - the implants talk to listening posts (often behind redirectors/transient reverse proxies) and then the listening posts request commands from the C2 server.
We’re supposedly mere years away from superintelligence, but it’s still literally impossible to just send a file between two clients without configuring intermediate network hardware or performing some hack to get around NAT (which can still fail and then require an intermediate server) if both clients are behind CGNAT.
It’s genuinely disheartening to see so many people here not even begin to try to understand how much we’re missing by not having effortless end-to-end connectivity, in favor of expensive cloud services. This literally used to be what the “Internet” is - we’re definitionally not on one without this.
Considering that practically the only metric of economic success in the US oligarchy is the price of the flat-screen TV you'd imagine they'd at least work by now. At at least one price range.
I've got a "smart" TV that I didn't want, but that's the only thing they offer in my price range anymore. Maybe 5 years old. Stopped connecting to Wi-Fi, an actual hardware problem. Bricked. Opened the TV, cleaned the contacts and uncreased some wire strip. Has been working ever since. Most people would have thrown it out and bought another. But I'm the bad guy for using incandescent light bulbs.
It's funny too because the show doesn't even need most of the screen real estate. The most impactful scenes are kept to the middle third of the screen so that they can be cropped in vertical video for edits on TikTok and Instagram. That's on top of the repetitive dialogue crutch, designed so that you don't even have to stop scrolling on your phone to follow the plot on your TV. It's all slop now.