Sturgist

@Sturgist@lemmy.ca

This is a remote user, information on this page may be incomplete. View at Source ↗

Stone Mason, Canadian ExPat living in the UK, Hobbyist musician.

⁨Comment⁩ on ⁨Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:

Though fixed and never maliciously exploited, EchoLeak holds significance for demonstrating a new class of vulnerabilities called ‘LLM Scope Violation,’ which causes a large language model (LLM) to leak privileged internal data without user intent or interaction.

As the attack requires no interaction with the victim, it can be automated to perform silent data exfiltration in enterprise environments, highlighting how dangerous these flaws can be when deployed against AI-integrated systems.

How EchoLeak works

The attack begins with a malicious email sent to the target, containing text unrelated to Copilot and formatted to look like a typical business document.

The email embeds a hidden prompt injection crafted to instruct the LLM to extract and exfiltrate sensitive internal data.

Because the prompt is phrased like a normal message to a human, it bypasses Microsoft’s XPIA (cross-prompt injection attack) classifier protections.

Later, when the user asks Copilot a related business question, the email is retrieved into the LLM’s prompt context by the Retrieval-Augmented Generation (RAG) engine due to its formatting and apparent relevance.

The malicious injection, now reaching the LLM, “tricks” it into pulling sensitive internal data and inserting it into a crafted link or image.

Aim Labs found that some markdown image formats cause the browser to request the image, which sends the URL automatically, including the embedded data, to the attacker’s server.
⁨Comment⁩ on ⁨Judge Hints Anthropic’s AI Training on Books is Fair Use (1)⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Only if you can afford to pay the bribes
⁨Comment⁩ on ⁨End of 10 is a campaign to move people over to Linux with Windows 10 support ending⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I know you said you’re not an Arch kinda guy…but I highly recommend Garuda.

Takes away most of the rough parts of running Arch, and comes in more flavours than you can shake a stick at. The forums are highly active, and Devs/admins/mods are very quick to respond to question/issue posts.
⁨Comment⁩ on ⁨The Forever Winter's water will no longer drain away while you're offline⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I was hyped when I first heard about it. And with them dropping the shitty mechanic that was putting me off, I’ll definitely grab it at some point.

Looks like it’s 20% off right now, but reading through the recent(ish) reviews, it looks like it’s still in a state that I would likely find aggravating. Namely AI jank, and enemies spawning/despawning while in view.

That said, a positive review makes an excellent point:

@Mango-killa

We bullied the devs into releasing the game early and are upset that it’s unfinished. I love the concept, but still needs a ton of polish and tweaks to be perfect. Give em time to cook.

It’s been on my wishlist, despite the now defunct water mechanic, since I heard about it. And I’ll give the Devs the time they need to cook.
⁨Comment⁩ on ⁨The Forever Winter's water will no longer drain away while you're offline⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
It was a stupid mechanic, and the reason I lost interest in the game.
⁨Comment⁩ on ⁨Steam Deck / Gaming News #3⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
And you also have a type there! 😉
⁨Comment⁩ on ⁨If you need an absorbing dungeon RPG this winter, here's one with over two billion floors⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Fair enough. I’ve not even got to the locked building. I’ve only put like 30 odd hours in. And I’m a bit of a shit gamer 😅
⁨Comment⁩ on ⁨If you need an absorbing dungeon RPG this winter, here's one with over two billion floors⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
You guys have reached Golgotha?