Here's the latest #curl hackerone issue I mentioned the other day: hackerone.com/reports/2871792 another one of those "we found a function call so therefore your program must be vulnerable".
Disclosed for educational purposes. Don't do this.
https://mastodon.social/@bagder/113582173108008721
@bagder "Not Applicable" feels so inappropriate. There should be a "Junk" or "Spam" option, because this is clearly what this is. WTF.
@bagder Maybe you could just add a define like `-Dsafe_strcpy=strcpy` but then again they don't seem to have looked at the code at all.
@bagder h1 should really start to ban AI bots
2024-12-02 troed ┃ edited ┃ 1💬
@bagder I wonder how much money you can actually make from spamming bug bounty programs with AI reports.
I'm certain it's more than nothing.
@bagder “” lmao
@bagder This might be easy to spot but just wait until the AI starts to sound somewhat convincing enough that you actually need to waste energy thinking about it