
Running it through ChatGPT and asking for its thoughts is a free action. Base64 decoding something that I know to be malicious code that's trying to execute on my machine, that's worrisome. I may do it eventually, but it's not the first thing I would like to do. Really I would prefer not to base64 decode that payload at all, if someone who can't accidentally execute malicious code could do it, that sounds preferable.

Maybe ChatGPT can execute malicious code but that also seems less likely to be my problem.



Huh? How would decoding a base64 string accidentally run the payload?


I'm copy-pasting something that is intended to be copy-pasted into a terminal and run. The first tool I'm going to reach for to base64 decode something is a terminal, which is obviously the last place I should copy-paste this string. Nothing wrong with pasting it into ChatGPT.

When I come across obviously malicious payloads I get a little paranoid. I don't know why copy-pasting it somewhere might cause a problem, but ChatGPT is something where I'm pretty confident it won't do an RCE on my machine. I have less confidence if I'm pasting it into a browser or shell tool. I guess maybe writing a Python script where the base64 is hardcoded, that seems pretty safe, but I don't know what the person spear phishing me has thought of or how well resourced they are.


So you are less confident pasting it in https://www.base64decode.org/ than in https://chatgpt.com?

That makes no sense.


I pay ChatGPT money and I have more confidence they've thought about XSS and what might happen with malicious payloads. I guess ChatGPT is less deterministic. Maybe you're right and I'm not paranoid enough, but I would prefer to use an offline tool (and using an LLM does seem worthwhile since it can do more, I can guess it's base64, the LLM can probably tell me if it's something more exotic, or if there's something within the base64 that's interesting. I can do that by hand but the LLM is probably going to tell me more about it faster than I can do it by hand. So it's worth the risk, while pasting it into base64decode.org doesn't seem worth the risk vs. something offline.)

If you think that there's obvious answers to what is and isn't safe here I think you're not paranoid enough. Everything carries risk and some of it depends on what I know; some tools might be more or less useful depending on what I know how to do with them, so your set of tools that are worth the risk are going to be different from mine.


> If you think that there's obvious answers to what is and isn't safe here I think you're not paranoid enough.

I don't think so, I feel like the built-in echo and base64 commands are obviously more potentially secure than ChatGPT.
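An offline way to inspect such a string, as an added example that is not any commenter's code: the payload is saved to a file with an editor and read from there, so it never touches a shell prompt, and every decoded byte outside printable ASCII is shown as `\xNN` so the terminal cannot interpret control sequences. The function names, the 16-character threshold for embedded base64 runs and the file name are assumptions made for this sketch.

```python
import base64
import binascii
import re
import sys

# Runs long enough to be worth treating as an embedded base64 layer
# (the threshold is an assumption; short words would otherwise match).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def decode_strict(blob: bytes) -> bytes:
    """Decode base64, tolerating whitespace only; any other stray byte raises."""
    return base64.b64decode(b"".join(blob.split()), validate=True)


def render_inert(data: bytes) -> str:
    """Keep printable ASCII; show every other byte (ESC, CR, NUL, ...) as \\xNN."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in data
    )


def peel(blob: bytes, max_depth: int = 4) -> list[str]:
    """Decode the blob, then any base64 run embedded in each decoded layer."""
    layers, queue = [], [(blob, 0)]
    while queue:
        candidate, depth = queue.pop(0)
        try:
            decoded = decode_strict(candidate)
        except (binascii.Error, ValueError):
            continue  # not valid base64: it stays visible as text in the parent layer
        layers.append(render_inert(decoded))
        if depth + 1 < max_depth:
            queue += [(m.group(0), depth + 1) for m in B64_RUN.finditer(decoded)]
    return layers


if __name__ == "__main__":
    # Usage: python peel_b64.py suspicious.txt
    # (suspicious.txt is a hypothetical file holding the string, saved from an editor)
    with open(sys.argv[1], "rb") as fh:
        for n, layer in enumerate(peel(fh.read()), 1):
            print(f"layer {n}: {layer}")
```

The embedded-run match is a heuristic, so an ordinary long token can show up as an extra layer of escaped bytes; nothing is ever executed or written back out in raw form.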



