Berlin Bassline Brief #10: Grok Build CLI repo uploading, an infostealer pretending to be a crash reporter, a paper claims LLMs aren't chaotic neutral, NIST helps with macOS, PCC
“The wealth required by nature is limited and is easy to procure; but the wealth required by vain ideals extends to infinity.”
Security, General:
Developers using xAI's Grok Build CLI learned it had apparently been uploading entire repos; bad luck for the 8-9 customers of the product: https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547
Security, Apple Platforms:
CrashStealer: a C++ macOS infostealer posing as crash reporter: https://www.jamf.com/blog/crashstealer-macos-infostealer-analysis/
Interesting Paper:
Evaluating Moral and Ethical Alignment in Large Language Models: A Dungeons & Dragons Benchmark, by Jan Sawicki, M. Ganzha, M. Paprzycki: https://www.mdpi.com/2076-3417/16/13/6769
Interesting Tool:
The NIST macOS Security Compliance Project: https://github.com/usnistgov/macos_security
Apple Platforms Security Concept of the Week:
Private Cloud Compute: https://security.apple.com/blog/private-cloud-compute/