• Poggervania
    link
    fedilink
    3561 year ago

    There’s some sort of cosmic irony that some hacking could legitimately just become social engineering AI chatbots to give you the password

    • @residentmarchant
      link
      English
      2341 year ago

      There’s no way the model has access to that information, though.

      Google’s important product must have proper scoped secret management, not just environment variables or similar.

      • @nomecks
        link
        1111 year ago

        There’s no root login. It’s all containers.

        • @residentmarchant
          link
          English
          131 year ago

          The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user’s data in it. Not saying it’s likely, but containers don’t really fix much in the way of gaining privileged access to steal information.

        • @Venat0r
          link
          91 year ago

          The containers will have a root login, but the ssh port won’t be open.

          • @[email protected]
            link
            fedilink
            41 year ago

            I doubt they even have a root user. Just whatever system packagea are required baked into the image

          • @[email protected]
            link
            fedilink
            21 year ago

            Containers can be entirely without anything. Some containers only contain the binary that gets executed. But many containers do contain pretty much a full distribution, but I have yet to see a container with a password hash in its /etc/shadow file…

            So while the container has a root account, it doesn’t have any login at all, no password, no ssh key, nothing.

      • @SpaceNoodle
        link
        71 year ago

        It does if they uploaded it to github

        • @residentmarchant
          link
          English
          61 year ago

          In that case, it’ll steal someone else’s secrets!

      • @Ziglin
        link
        11 year ago

        But you could get it to convince the admin to give you the password, without you having to do anything yourself.

    • @[email protected]
      link
      fedilink
      English
      261 year ago

      It will not surprise me at all if this becomes a thing. Advanced social engineering relies on extracting little bits of information at a time in order to form a complete picture while not arousing suspicion. This is how really bad cases of identity theft work as well. The identity thief gets one piece of info and leverages that to get another and another and before you know it they’re at the DMV convincing someone to give them a drivers license with your name and their picture on it.

      They train AI models to screen for some types of fraud but at some point it seems like it could become an endless game of whack-a-mole.

      • @[email protected]
        link
        fedilink
        61 year ago

        While you can get information out of them pretty sure what that person meant was sensitive information would not have been included in the training data or prompt in the first place if anyone developing it had a functioning brain cell or two

        It doesn’t know the sensitive data to give away, though it can just make it up

      • @Touching_Grass
        link
        11 year ago

        Wouldn’t it also be easy to find these method’s with it?