This is definitely valuable. I started paying attention to MCP security vulnerabilities largely because of Defcon. I believe that they largely focused on Agentic Security as a theme this time around.
It's a bit mind-blowing how we've simply accepted non-technical people within orgs in particular executing code to "automate their tasks" without the same level of rigor that normal code reviews go through. Definitely think that this is a cultural issue that we must fix.
And these MCP vulnerabilities in particular seem much scarier because almost all MCP tools require an insane amount of permissions.
I know, right? I mean, the timing is great. I love MCP but can't stand how unsafe it is. I think there is greatness ahead if we are able to fix this security issue. This was made around the idea to be as seamless as possible, as we built a dashboard, drop in a GH project MCP server link, and have a local DB to show what you ran. We have more great things ahead. But give it a try and let us know what you think!
I thought this article is a great example of how services don't need to overcomplicate their tech stack. Using simple tools and focusing on GTM is so much better than adding complexity. I'm a big fan of Levels and what they have cooking over there.
I used the iPad Pro before the redesign for school.
Currently a lot of my friends use the device as a second screen because they're always traveling. Secondly, many content creators use it as a portable workstation because it works really well for certain types of editing. I personally prefer Lightroom on an iPad to the one on the computer. Lastly, it's my favorite media consumption device. I've been thinking of turning in my iPad Air for the newest iPad Pro because I want the improved screen.
Infiltration, espionage, sabotage, and manipulation of rivals, partners, and other key influential entities. If that fails or seems ineffective threaten/harass/assault (it helped that there was always a fleet of nerds with digital spaceships to call upon heh).
One example would be having an "alt" character be accepted into a rival group, and then just monitor their private chats and asset listings (through that API) for any opportunities to act upon. Think resource transports, infrastructure vulnerabilities, strategic assets mistakenly placed in generally accessible storage, etc.
So really quite similar to how these things work in real life, and nothing that directly involves any trading in and by itself. Mostly market and environment control for better success rates and increased profit margins, but at lower cost and with more leeway for mistakes/timings.
If I wanted to learn how to build an algorithm that can create shadow profiles from, say, a set of data/inputs, where would I best learn that short of working on this at Facebook?