TLDR: They generated some phishing emails using LLMs, they sent the emails to 108 elderly people who agreed to be in a study, 11% of the recipients clicked a link.
Generating a phishing email isn't very difficult to do, with or without an LLM, and claiming that because someone clicked on a link, they were "compromised" seems disingenuous.
More interesting to me, is using LLMs in multi-turn phishing correspondence with victims, the paper mentions this in the discussion, but it isn't something that they appear to have actually tested.
(author here) I think it is interesting to see that models like gemini will do basically whatever you want. this study was mainly designed to help an otherwise mostly anecdotal investigative report on AI scams targeting seniors.
Have you done any analysis of what proportion of the lin file is being read in total?
You stated in the blog post, that your goal is to try and find unused content, however if as described, the file is just a record of how the game loads the data, then it won't contain any hidden unused assets, since unused assets would never have been read from the original unoptimised file, and thus never written to this optimized file.
I agree and don't think there's any unused data. For `common.lin` for instance my parser reads it basically to the end and there's some small amount of data that's unused. I never actually quantified the amount but I'm fairly certain it's <100 bytes. Probably a bug in there.
The goal post has shifted so far beyond my original intentional at this point. The devs working on the EnhancedSC mod have a strong desire to port some Xbox assets/maps to PC, so I'm mostly doing it at this point as an attempt to help them out.
*On second thought, there's definitely some unused scripting functionality. Script functions which are unused are still included in their parent classes and are loaded if the parent object is loaded, even if never directly called. Whether or not any of this is interesting is another story.
Textures and models though will definitely not be present unless they're used in some non-visible way.
Did the support agents have the ability to send arbitrary emails from commerce@coinbase.com? If not, how did the scammers send a properly signed email?
> While both amazonses.com and coinbase.com DKIM checks passed, this is exactly how phishing works—attackers can configure Amazon SES to send "from" coinbase.com
How does Amazon SES let you sign an email from a domain you don't control? Unless this means that somehow the scammer had access to DNS records for coinbase.com which indicates some really crazy compromise somewhere either of Coinbase or the DNS chain.
I’m not certain either way, but part of the document tries to make a big deal about some GitHub profiles having the “arctic code vault archive” badge, and implying that has something to do with running an archive website.
Pretty much anyone who has made any kind of commit to an open source project has that badge.
read the same PDF a year or so back when someone spammed it across the archive.is blog, laughed when i got to that bit - it's pretty clear the person writing it doesn't know anything about development
edit: it's incredibly naive of them to immediately trust the WHOIS results. i can say from experience that these are never checked
I’m not a New Yorker or even an American, but it’s interesting just how much coverage this election has gotten in social media.
I think most of his major policies are pretty bad, but I also think the reaction against him has been over the top.
He is going to need cooperation from the state legislature, if he wants to collect the taxes needed to fund his policies, and I’m not sure how successful he will be at that.
A lot of people are rooting both for and against him, so it’s going to be interesting either way.
> He is going to need cooperation from the state legislature, if he wants to collect the taxes needed to fund his policies, and I’m not sure how successful he will be at that.
Why? How much of NYC's budget comes from Albany?
My impression was that NYC had its own budget, paid for by its own taxes.
(de facto realpolitik-wise NYC will continue existing, but my point is to widen your Overton window to realize even NYC's own taxing authority is still under NYS' jurisdiction)
> My impression was that NYC had its own budget, paid for by its own taxes.
If those who claimed they would leave NYC for Florida (etc.) make good on their promises NYC will see a significant drop in tax revenues while the expenditures will skyrocket due to Mamdani's free-stuff policies. They can try to increase taxes which will lead to more net tax payers leaving the city. Of course it remains to be seen whether all those who said they would leave - up to a million people according to the legacy media - end up doing so but if this comes to pass those free buses might not end up happening after all. He'll probably blame it on the exodus and wash his hands clean off his campaign promises.
A new Florida Atlantic University poll reveals that nearly half of Florida
residents have considered moving due to rising costs of living, despite the
state’s continued reputation as an affordable destination for many who live in
northern areas of the U.S.
The poll, conducted by FAU’s Business and Economic Polling Initiative,
surveyed 1,000 Floridians and found growing economic frustration as property
taxes, home insurance, and housing costs continue to climb.
“Insurance. That’s the biggest one,” one resident said when asked about
financial pressures.
The findings come as a surprise to researchers, given Florida’s traditional
appeal as an escape from high-cost northern states.
That is why I said up to a million people according to the legacy media. I'm pretty sure a sizeable number of people will leave NYC due to the election results but I don't know how many.
> I think most of his major policies are pretty bad, but I also think the reaction against him has been over the top.
Pretty similar. I'm not much of a socialist, but I'm shocked how extremely racist the opposition has been too. He cares. The opposition don't seem to care at all.
Over 50% of rented units in New York are regulated somehow. 34% “rent stabilised pre-74”, 8% “rent stabilized post-73”, 1% rent controlled, 7% public housing, 2% other
They are both price controls on rent.
The eligibility criteria are different, and the terms by which rent may increase are different, but they seem pretty close to the same thing to me.
He describes OSI licenses as “genocide-friendly”, and links to the OSI page about how their licenses don’t prohibit the software being used for “evil”.
Yet his own license also has no such prohibition.
You are free to commit genocide using his tiling window manager, provided that your genocide is strictly non-commercial.
Generating a phishing email isn't very difficult to do, with or without an LLM, and claiming that because someone clicked on a link, they were "compromised" seems disingenuous.
More interesting to me, is using LLMs in multi-turn phishing correspondence with victims, the paper mentions this in the discussion, but it isn't something that they appear to have actually tested.