Topic: Linux hit: Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

rcjordan

"malicious code expertly hidden inside two versions of an immensely popular open-source data compression tool ... which had by then been incorporated into two versions of the widely used Linux operating system."


https://www.politico.com/news/2024/03/31/thwarted-supply-chain-hack-alarm-bells-00149877
« Last Edit: April 01, 2024, 05:03:17 PM by rcjordan »

ergophobe

Quote
Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.

Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned. If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

Ended up in code on Alibaba.

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

via

https://pluralistic.net/2024/04/01/human-in-the-loop/