Author Topic: Linux hit: Thwarted supply-chain hack sets off alarm bells across DC - POLITICO (Read 827 times)

rcjordan · « **on:** April 01, 2024, 05:01:26 PM »

''malicious code expertly hidden inside two versions of an immensely popular open-source data compression tool... ...which had by then been incorporated into two versions of the widely used Linux operating system.''

https://www.politico.com/news/2024/03/31/thwarted-supply-chain-hack-alarm-bells-00149877

ergophobe · « **Reply #1 on:** April 01, 2024, 11:40:51 PM »

Quote

Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.

Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

Ended up in code on Alibaba.

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

via

https://pluralistic.net/2024/04/01/human-in-the-loop/

The Core

News:

Author Topic: Linux hit: Thwarted supply-chain hack sets off alarm bells across DC - POLITICO (Read 827 times)

rcjordan

Linux hit: Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

ergophobe

Re: Linux hit: Thwarted supply-chain hack sets off alarm bells across DC - POLITICO