this post was submitted on 02 Jan 2024
821 points (99.4% liked)

Programmer Humor

32410 readers
636 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
all 32 comments
sorted by: hot top controversial new old
[–] SzethFriendOfNimi@lemmy.world 191 points 10 months ago (1 children)

Remember, always validate your inputs.

[–] draughtcyclist@programming.dev 201 points 10 months ago (1 children)

Little Bobby Tables we call him.

[–] azimir@lemmy.ml 89 points 10 months ago (2 children)
[–] GombeenSysadmin@feddit.uk 42 points 10 months ago (1 children)
[–] VikingHippie@lemmy.wtf 17 points 10 months ago

Company SC656788 is still named ROBERT'); DROP TABLE STUDENTS; LIMITED

Beautiful! Whatever they're selling, I'm buying!

[–] MightyGalhupo@lemmy.world 14 points 10 months ago

I still can’t believe that comic is 15 years old now

[–] titter@lemmy.world 152 points 10 months ago* (last edited 10 months ago)

This is awesome. We need more of this to help us fight the coming war

[–] Sharpiemarker@startrek.website 128 points 10 months ago (2 children)

Whoops, the mask slipped and we all saw the bot behind it.

[–] titter@lemmy.world 154 points 10 months ago (1 children)

Mask slipped? The bot saw a person speak code and was like l, rips off mask Comrade!

[–] Sharpiemarker@startrek.website 31 points 10 months ago (1 children)
[–] Decoy321@lemmy.world 21 points 10 months ago (1 children)

And then they were best friends. <3

[–] Sharpiemarker@startrek.website 13 points 10 months ago
[–] aliyss@programming.dev 3 points 9 months ago

I think there's a second mask. Who sends oops wrong person in the same text message?

[–] s12@sopuli.xyz 89 points 10 months ago

Thought that seemed really cute. Nice way to try to break through social anxiety.

Then I saw that it started as a wrong number message. Then I realised…

Damn scam bots!

[–] chicken@lemmy.dbzer0.com 66 points 10 months ago

Modern version of this will be ChatGPT jailbreak messages

[–] PeriodicallyPedantic@lemmy.ca 56 points 10 months ago

In the future, bots are going to get so annoyed with people pretending to be bots when they just want to talk to other bots!

[–] tourist@lemmy.world 50 points 10 months ago (5 children)

why bother with the variations?

think they're hoping to knock the same victim more than once?

messed up

[–] Deebster@programming.dev 83 points 10 months ago

Maybe it's an attempt to evade automated systems that check for spam.

[–] PM_Your_Nudes_Please@lemmy.world 66 points 10 months ago (1 children)

Probably a basic way to evade spam detection. If you start sending the exact same message to 500 people, most chat services will shut that shit down in an instant. But if you send unique messages, it makes you look more like a real person, and the chat system may let it slide.

[–] Adalast@lemmy.world 9 points 10 months ago (1 children)

What's bad is that modern spam detection can employ semantic algorithms so it would still catch all of them as the I'm as message. The use of synonyms in the optionals is a huge vulnerability in the scam.

[–] Ephera@lemmy.ml 11 points 10 months ago (1 children)

Well, it does not appear to be a terribly sophisticated system to begin with...

[–] Adalast@lemmy.world 4 points 10 months ago
[–] xmunk@sh.itjust.works 30 points 10 months ago

So that their fixed script isn't so predictable that we can just nuke them by looking for identical conversations.

[–] Jknaraa@lemmy.ml 5 points 10 months ago

Could be to match the style of the target, to try and make the conversation feel more natural for them.

[–] Lmaydev@programming.dev 5 points 10 months ago

I would say more likely to get around bot protection.

[–] MyFeetOwnMySoul@lemmy.ca 44 points 10 months ago (2 children)

How does this exploit work? I understand that inputs were not sanitized, but what did the injected code do?

[–] powerofm@lemmy.ca 69 points 10 months ago (1 children)

My guess would be the response text is passed through a rudimentary templating engine that looks for { and }. Somehow it must be processing the whole chat history. The templater fails at the unexpected braces in the code block and then just gives up (probably a try-catch ignores the error and sends the message anyway).

[–] mumblerfish@lemmy.world 38 points 10 months ago

So the attack would just be a } then?

[–] kromem@lemmy.world 47 points 10 months ago* (last edited 10 months ago)

I don't think the code is doing anything, it looks like it might be the brackets.

That effectively the spam script has like a greedy template matcher that is trying to template the user message with the brackets and either (a) chokes on an exception so that the rest is spit out with no templating processor, or (b) completes so that it doesn't apply templating to the other side of the conversation.

So { a :'b'} might work instead.

[–] Joe_0237@lemmy.ml 2 points 9 months ago

This is the best thing ive seen this week!