Olivia
Online
greg
@teh_gerg
CEO of Secfault Security, looks like a cliché hacker according to @halvarflake
@[email protected]
Berlin
Joined July 2009
264 Following
1.1K Followers
2.2K Posts
The other day, our colleague Oliver decided to play around with Syzkaller to fuzz the FreeBSD Kernel. He added some support for the Bluetooth stack and indeed found an OOB read. If you're interested, check our blog post here: https://t.co/spfvizWozJ
@ju916 @41414141 @halvarflake But I now see what you mean. You want to be able to study the emergent properties of LLMs (or similar systems). I initially assumed you were interested in lower-level aspects of such systems.
@ju916 @41414141 @halvarflake It can be used to describe some aspects of emergent phenomena - and I suspect there's similar approaches for understanding LLMs. Which also show some emergent phenomena, that we'd like to get better handle on.
@ju916 @41414141 @halvarflake I do like your QM vs. weather example btw. I could now say that while QM will not help you as much here, studying the Navier-Stokes equation _will_ (I believe; not an expert on weather either). I'd argue in the same direction when it comes to machine learning.
Who to follow
joernchen
@joernchen
Your mom's favorite hacker. Also at @[email protected]
Julien Vanegue
@jvanegue
CTO Office / Head of Infra & Security Research @Bloomberg. Interested in mathematical techniques for software, systems, and network analysis at world scale.
sergey bratus
@sergeybratus
The cat is the Otocolobus Manul, https://t.co/Xswt7Vp2F1 . Manul is the perfect privacy mascot. All views & opinions are my own & personal.
@ju916 @41414141 @halvarflake That could be true, but I'm not in the position to argue from a neuroscience perspective; my view is heavily influenced by maths etc., so it might be natural for me to argue from that angle.
@ju916 @41414141 @halvarflake I don't know any neuroscience, so that's not something I can comment on. I guess it depends on your perspective: I see LLMs as an implementation relying on maths and ML theory. Might be that I'm just lacking the neuroscience perspective.
@ju916 @41414141 @halvarflake I know what you mean, but my point of view here is a bit different. Our current lack of debugging/inspection capabilities does not mean that we don't understand the magic on a low level. I'd say that when it comes to debugging/inspection, we're currently facing scale issues.
@ju916 @41414141 @halvarflake If you look at an LLM, then I'd say low-level is rather something like the maths behind it (some linear algebra for instance, and the whole theory behind ML). If you look at a compiler, some automata theory will also help.
@ju916 @41414141 @halvarflake Knowing details about low-level things is imho always helpful. However, the definition of "low-level" depends on the tech you're looking at. If you look at an OS then I'd say low-level points towards stuff like assembly.
We recently did some internal research and took a look at the JavaScript runtime Deno. We found a couple of interesting bypasses for their permission system. If you'd like to learn more, please feel free to check out our blogpost at https://t.co/worNH0qJ4G.
We've taken (another) look at the OpenOlat learning management solution and found an XXE issue, which can be turned into an arbitrary file read and an SSRF problem. In case you're interested, make sure to read our blog post at https://t.co/iJmS8VPtR3!
Forging Chains: The Java Blacksmith by Fabian Yamaguchi & David Baker Effendi https://t.co/SslEOXuAIy
We presented the first iteration of our work on mining Java deserialization gadgets at BSides Cape Town. This includes exploit chains against ZK framework and Groovy. Slides are available at https://t.co/oByzSODkWn - recording will follow.
Here are the slides of this morning's talk "Everything is (still) broken - looking back at 20 years of hacking." https://t.co/srsUCHcb44 - don't take it too serious, I know I don't.
We recently decided to take a look at LibreOffice, and found an (almost) arbitrary file write issue, which is now public (CVE-2023-1183). If you're interested, check out https://t.co/aRQta0XrHM for details :)
Last year we did a number of projects for AgileBits, focusing on the 1Password ecosystem. The reports have now been made public, so in case you're interested to get an impression feel free to check https://t.co/rbWpdIWUuX.
Checkout my write-up (with @secfaultsec) on an object deserialization flaw in the Visual Studio App Center SDK for iOS and macOS. I hope you enjoy joining me on this journey.
https://t.co/Fcq6FFr0jY
Recently, @OldM4nHunting took a look at the Visual Studio App Center SDK for iOS and macOS and found an insecure object deserialization issue. Here's a write-up on her journey of identifying and exploiting the issue: https://t.co/EE6kReELPP.
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.2M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.6M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.3M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers