There used to be a time when building out a botnet required *some* work – writing exploits, taking over devices, obscuring the purpose of the executable, etc.
-
@marcink right?
Don't worry, as soon as OpenClaw gets hit by supply-chain attack, which they inevitably are going to, this will flip.
@rysiek But between this being openclaw and the insufferably LLM-ish tone of the blog post (pictured below) we can at least rest assured that there is a chance that no human being had to be involved in writing, editing, or reviewing these.
-
@rysiek But between this being openclaw and the insufferably LLM-ish tone of the blog post (pictured below) we can at least rest assured that there is a chance that no human being had to be involved in writing, editing, or reviewing these.
@marcink what a fantastic scene in that film.
-
@marcink what a fantastic scene in that film.
@rysiek If there is any silver lining to this LLM bubble is that it will provide way more than enough material for a sequel.
-
There used to be a time when building out a botnet required *some* work – writing exploits, taking over devices, obscuring the purpose of the executable, etc.
Not any more!
Instead of "malware", call it an "AI agent" and people will just happily install it on their devices with full root privileges!
https://github.com/jgamblin/OpenClawCVEs/Bam! RCE by asking nicely.
🧵
@rysiek it’s a shame we still act like people are doing great things when they publish stuff like this.
-
@rysiek it’s a shame we still act like people are doing great things when they publish stuff like this.
(assuming "stuff like this" is OpenClaw, not the openClawCVEs repo)
-
Do they mention any of this on their landing page? No, of course not:
https://openclawai.io/Do they mention this on their quickstart page? No, of course not:
https://openclawai.io/quickstartBut they sure mention the managed hosting that is "coming soon"! Which of course they shill in their blogpost about the vulnerabilities:
> For many users, that’s a reasonable tradeoff. For others, it’s the argument for managed hosting.
Security fuckup? More like business opportunity, amirite?
🧵
@rysiek the entire basis of modern capitalism is to sell the solution to a problem you yourself created.
-
(assuming "stuff like this" is OpenClaw, not the openClawCVEs repo)
@rysiek Oh yes definitely OpenClaw. I have no problem whatsoever if people want to experiment on their own, but it was highly irresponsible to release it in the state it was in, imo.
-
J jwcph@helvede.net shared this topic
