“I’m Brian and so’s my wife”
I’m subscribed to a whole bunch of mailing lists, mostly as a lurker as I have a hard enough time just keeping up with some of them. One of those lists is Bugtraq, which is pretty much required reading for anyone with sysadmin responsibilities for a server connected to the public internet. Bugtraq is the central hub of the “public disclosure” security community and is actually surprisingly low traffic with only twenty or so messages a day. It’s fascinating to watch the latest exploits for all manner of popular software packages tick by on an hourly basis.
Last week, someone posted to the list asking if anyone knew of a contact address for the security team at Bank of America. Today, they posted a follow-up which included the following gem:
I’d also like to thank the 0-day social engineers for their variety of approaches used to attempt to gain access to this exploit. We received responses ranging from fraudulent “Bank of America” employees to phone calls from people claiming to be from Bank of America’s IT Security. (One caller claimed to be from Bank of America’s IT Security but didn’t know what PGP is and then said he couldn’t give his PGP key due to security restrictions. And when we asked him to provide information so we could verify the contact, he said he would call back but never did. To this caller: Yes, your social engineering failed and your caller-id spoofing was almost perfect. Emphasis on “almost”.)
For some reason, I’m reminded of a classic scene from Monty Python’s Life of Brian.
More recent articles
- Weeknotes: Parquet in Datasette Lite, various talks, more LLM hacking - 4th June 2023
- It's infuriatingly hard to understand how closed models train on their input - 4th June 2023
- ChatGPT should include inline tips - 30th May 2023
- Lawyer cites fake cases invented by ChatGPT, judge is not amused - 27th May 2023
- llm, ttok and strip-tags - CLI tools for working with ChatGPT and other LLMs - 18th May 2023
- Delimiters won't save you from prompt injection - 11th May 2023
- Weeknotes: sqlite-utils 3.31, download-esm, Python in a sandbox - 10th May 2023
- Leaked Google document: "We Have No Moat, And Neither Does OpenAI" - 4th May 2023
- Midjourney 5.1 - 4th May 2023
- Prompt injection explained, with video, slides, and a transcript - 2nd May 2023