Tarpits

DeepSeek has captured the world’s attention this week, with an unexpected release of the more-open AI model from China, for a reported mere $5 million training cost. While there’s lots of buzz about DeepSeek, here we’re interested in security. And DeepSeek has made waves there, in the form of a ClickHouse database unintentionally opened to the world, discovered by the folks from Wiz research. That database contained chat history and log streams, and API keys and other secrets by extension.

Finding this database wasn’t exactly rocket science — it reminds me of my biggest bug bounty win, which was little more than running a traceroute and a port scan. In this case it was domain and sub domain mapping, and a port scan. The trick here was knowing to try this, and then understanding what the open ports represented. And the ClickHouse database was completely accessible, leaking all sorts of sensitive data. Continue reading “This Week In Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks” →

Hackaday

1 Articles

This Week In Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks

Search

Never miss a hack

If you missed it

Digital Paint Mixing Has Been Greatly Improved With 1930s Math

Supercon 2024: Joshua Wise Hacks The Bambu X1 Carbon

Big Chemistry: Catalysts

Contrails Are A Hot Topic, But What Is To Be Done?

Mining And Refining: The Halogens

Our Columns

Time Vs Money, 3D Printer Style

Hackaday Podcast Episode 306: Bambu Hacks, AI Strikes Back, John Deere Gets Sued, And All About Capacitors

This Week In Security: DeepSeek’s Oopsie, AI Tarpits, And Apple’s Leaks

Retrotechtacular: The Tyranny Of Large Numbers

Forgotten Internet: Giving (or Getting) The Finger

Search

Never miss a hack

Subscribe

If you missed it

Our Columns