Comment by chasil
3 hours ago
'Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”'
Is Mythos a significant danger?
The curl experience does not suggest that hysteria is warranted, but this gives me pause.
3 hours ago
'Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”'
Is Mythos a significant danger?
The curl experience does not suggest that hysteria is warranted, but this gives me pause.
Or, alternatively, it may suggest that the NSA’s classified systems are not very secure, which seems at least as possible: they may rely on requiring physical access to these systems to even attempt to penetrate them.
Curl is such a small utility, and the effect of any single problem is limited.
Mythos's great strength was finding multiple vulnerabilities and chaining them together to break a whole system.
Look at it like this: It found one confirmed, minor vulnerability in Curl (but I don't think they have said what it was?). In another system that used Curl it's possible it could have exploited that vulnerability to chain to another, bigger vulnerability that was normally inaccessible.
That's how systems get broken.
>> The curl experience does not suggest that hysteria is warranted, but this gives me pause.
What about the Firefox experience?
Or are we conveniently ignoring things that don't confirm conclusions we've already reached?
I'm not as familiar with that. I do agree that it sounded substantial.
I just think that a coreutils flaw is not as substantial as a rendering engine exploit.
Aren't you trying to do the same thing. Llm people, you're cooked.