

I’m a simple man. I see Cory, I upvote. Then I read the text.


I’m a simple man. I see Cory, I upvote. Then I read the text.


Imo, LLMs do have a purpose (and their ethical sourcing problems, like you mentioned).
It’s just that right now, Silicon Valley sells it as the answer to every single problem out there when it clearly isn’t. A hammer is good for putting nails in the wall. Silicon Valley claims you can also use it to do your toenails, gullible managers mandate its use for that purpose, and now the waiting rooms are chock-full with people with broken toes…
Also, AI can be so much more than just LLMs.


If by “AI” they mean “oligarch-owned and controlled AI”, we have common ground here. But then again, that is true of anything owned and monopolised by these people humanoids. Case in point: only few people will agree that…
The problem is not with the tech. The problem is that the tech is in the hands of a small clique of sociopaths.


In the interview, Diachenko put it more succinctly. “The scale is the sophistication,” he said.
The scale shows dedication (and deep pockets). The methods used - apart from the recursive dictionary attacks - were pretty mundane, as far as the report goes.
They then used a custom binary with 25,000 threads to spray hundreds of thousands of those endpoints with thousands of login and password combinations. Successful attempts now gave the attackers a “network tap inside the organization.”
Shouldn’t these fairly unsophisticated “spray-and-pray” brute force attempts show up in logs and at least alert security personnel that an active attack was underway?
the attackers went on to “actively intercept SSL VPN authentication hashes and crack them using a massive, dedicated 45-GPU cluster managed via Hashtopolis.” From there, they used the GPU cluster to crack the hashes, meaning to try massive combinations of plain-text passwords until they found the right one.
Again, not particularly sophisticated, but supported by heavy machinery to burn energy and money to do the actual work. Again, I ask: shouldn’t these types of attempts be mitigated by sufficiently long hashes? Even a 45-GPU cluster can be exhausted by hash length, can’t it?
It’s “its”.
Also, thou shalt not editorialise headlines.