HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kevcampb

no profile record

Submissions

Atlassian enables default data collection to train AI

letsdatascience.com
604 points·by kevcampb·3 miesiące temu·136 comments

Hackers exploiting Acrobat Reader zero-day flaw since December

bleepingcomputer.com
12 points·by kevcampb·3 miesiące temu·0 comments

Pixnapping Attack

pixnapping.com
311 points·by kevcampb·9 miesięcy temu·72 comments

comments

kevcampb
·2 miesiące temu·discuss
They've just been released

https://security.snyk.io/vuln/SNYK-DEBIAN13-NGINX-16732761

https://security.snyk.io/vuln/SNYK-ALPINE323-NGINX-16722461

So it seems that Snyk is taking almost a week to get advisories out for an RCE
kevcampb
·2 miesiące temu·discuss
It seems that Snyk isn't picking this up on our docker images. They have a vulnerability published for the nginx binary itself.

https://security.snyk.io/vuln/SNYK-UNMANAGED-NGINX-16679754

But they've not released any vulnerability for the Alpine or Debian packages.

Does anyone know what's happening here? Seems concerning that there's a 2 day old RCE not being picked up.
kevcampb
·2 miesiące temu·discuss
That's on Google apps, that's not on Chrome. That's not Chrome sending your browsing data or content from inside webpages to Google.
kevcampb
·2 miesiące temu·discuss
This seems somewhat specious - it's also quite possible that they just altered the wording to make it less verbose. Does anyone have access to the link "Learn more about on-device AI"?

If Chrome starts sending data from the browser back to Google, that's going to be a huge compliance issue. If you work for a company that processes customer data in the browser, you're going to need to ban Chrome.
kevcampb
·3 miesiące temu·discuss
"Your available data contribution settings will be available no later than May 19, 2026."

So let me guess, they're hoping that we forget about this by then, so that they can scoop up our data? I can't think any other reason for it.
kevcampb
·3 miesiące temu·discuss
Unfortunately that one has a subheading of "From August 17, the outfit will collect customer metadata by default unless you pay for the top tier"

It's not just metadata, it's all "in-app data"
kevcampb
·3 miesiące temu·discuss
I really wish I could find a better source to link to for this. By default, all free and paid customers are being opted-in to their data being used for AI training.

All your Confluence pages, Jira tickets, etc.

https://support.atlassian.com/security-and-access-policies/d... describes how to disable this, but it also appears that the setting to disable this doesn't exist (it's not visible on any of our instances).
kevcampb
·3 miesiące temu·discuss
Which works out at $100 USD / year. You might think that's trivial, but when you start provisioning multiple environments over multiple projects it starts to add up.

It's a shame that Google haven't managed to come up with a scale to zero option or serverless alternative that's compatible.
kevcampb
·3 miesiące temu·discuss
This is terrifying. Github was the one provider I did not expect to make such an action. We're now playing whack-a-mole with vendors to try and ensure that our company IP doesn't end up being used to train a model.
kevcampb
·8 miesięcy temu·discuss
That's a mixpanel breach if the unauthorised access was mixpanel staff accounts.

If someone phishes your gmail account, there is no gmail breach.
kevcampb
·8 miesięcy temu·discuss
Possibly because OpenAI have just made a post stating there has been a breach https://openai.com/index/mixpanel-incident/ and implicating Mixpanel as the cause
kevcampb
·8 miesięcy temu·discuss
The title here is misleading. The original article does not state breach and at no point have Mixpanel used that term.
kevcampb
·9 miesięcy temu·discuss
Google converted my mum's Gmail account to a workspace account automatically. Now she can't use her bedroom alarm clock because it's connected to my dad's Gmail account and you can't share access to workspace accounts. It's stupidly maddening.

And yes I realise that an IoT alarm clock is ridiculous, but that's not the point.
kevcampb
·9 miesięcy temu·discuss
> This is pulling the content of the RSS feeds of several news sites into the context window of an LLM and then asking it to summarize news items into articles and fill in the blanks?

This is awful. It's cutting out any money going to the news agencies that go out there and write news. If they didn't exist, Kagi wouldn't work.