Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youāll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cutānāpaste it into its own post ā thereās no quota for posting and the bar really isnāt that high.
The post Xitter web has spawned soo many āesotericā right wing freaks, but thereās no appropriate sneer-space for them. Iām talking redscare-ish, reality challenged āculture criticsā who write about everything but understand nothing. Iām talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyāre inescapable at this point, yet I donāt see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldnāt be surgeons because they didnāt believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canāt escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting this.)
Hereās a fun oneā¦ Microsoft added copilot features to sharepoint. The copilot system has its own set of access controls. The access controls let it see things that normal users might not be able to see. Normal users can then just ask copilot to tell them the contents of the files and pages that they canāt see themselves. Luckily, no business would ever put sensitive information in their sharepoint system, so this isnāt a realistic threat, haha.
Obviously Microsoft have significant resources to research and fix the security problems that LLM integration will bring with it. So much money. So many experts. Plenty of time to think about the issues since the first recall debacle.
And this is what theyāve accomplished.
https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
@rook @BlueMonday1984 wow. Why go to all the trouble of social engineering a company when you can just ask Copilot?
@rook @BlueMonday1984 Maybe they have asked CoPilot to write the code that restricts access for CoPilot?
(Sometimes this future feels like 2001 A Space Odyssey, just as a farce. And without benevolent aliens.)
@rook @BlueMonday1984
Thankfully Iām able to say āwhat is sharepoint?ā
I did meet it once. A client used it in their office. But when they wanted us offshore (via satellite link) to contribute to it, it became awfully unstable, probably because of latency/ unstable data links.
Itās M$. I doubt it has improved.
Abusing privileged identities like this to do things is apparently a thing the younger hackers are quite good at so this will all be fun.
Is that this one or a different instance of the same bug?
I think that these are different products? I mean, the underlying problem is the same, but copilot studio seems to be āconfigure your own llm front-endā and copilot for sharepoint seems to be an integration made by the sharepoint team themselves, and it does make some promises about security.
Of course, it might be exactly the same thing with different branding slapped on top, and Iām not sure you could tell without some inside information, but at least this time the security failures are the fault of Microsoft themselves rather than incompetent third party folk. And that suggests that copilot studio is so difficult to use correctly that no-one can, which is funny.