niwtsol 3 hours ago
Title is a bit misleading, no? You have to have openclaw running on an open box. And the post even says "135k open instances" out of 500k running instances? So a bit clickbait-y.

0cf8612b2e1e 3 hours ago
1/5 rounds to “probably” when discussing security.

nickthegreek 3 hours ago
The 135k number appears to be pulled out of thin air? No idea where the 65% comes from. The command the post gives to list paired devices isn't correct. These are red flags.

TZubiri an hour ago
It's pretty reasonable though, a lot of OpenClaw instances are hosted on a VPS, this is not unsafe. My interpretation is that 135k instances are vulnerable, but of those there are more conditions that need to be met, specifically: these need to be multi-user systems where there are users with 'basic pairing' privileges. Which I don't think is very common, most instances are single-user. So way less than the 135k number. I think a more accurate title would have been "If you're running OpenClaw, you are probably vulnerable" but not "you probably got hacked", that's just outright false and there's no evidence that the exposed users were ALL hacked.

mey 3 hours ago
More than 25% of users seems like a pretty accurate "probably".

DrewADesign 3 hours ago
You know you’re getting into zealot territory when people are arguing semantics over the headline pointing to a zero authentication admin access vulnerability CVE that affects a double-digit percentage of users.

earnesti 3 hours ago
Does it really? Digging up the data, for example the 135k instances in the open, reeks like bullshit. I would suspect several other claims are exaggerated as well.

DrewADesign 3 hours ago
> Digging up the data, for example the 135k instances in the open, reeks like bullshit. I would suspect several other claims are exaggerated as well.

Do you so stringently examine most CVEs? I’ll bet you don’t. Are you a big fan of this project? I’ll bet you are. Do you have any actual data to counter what they said or do you just sort of generally not vibe with it? If so, now would be a great time to break it out while this is still fresh. If not…

nickthegreek 2 hours ago
They are pointing out the data provided does not appear to be real. There is no credible link to this 135k number. They do not need to provide a number, as one does not appear to exist.

peacebeard 3 hours ago
Today I learned nobody agrees on what the word "probably" means.

SequoiaHope 3 hours ago
Ya, I thought it meant “more probable than not”, i.e. 50+%. Otherwise I would say “you may have been hacked”, not “you probably have been hacked”.

lwansbrough 3 hours ago
That is what it means. Unless you're losing an argument on the internet and you need a word to hide behind. ;)

zephen 3 hours ago
You're probably right.

furyofantares 3 hours ago
Here's a statement that's about 3x as true then: If you're running OpenClaw, you probably didn't get hacked in the last week.

yonatan8070 an hour ago
This sounds like a classic case of "35% of statistics are made up".

earnesti 3 hours ago
The 135k instances is likely not true at all.

DrewADesign 3 hours ago
It’s also only 65% of those that have zero authentication configured, according to that post (which I have done nothing to confirm or challenge at all… Frankly I wouldn’t touch OpenClaw with a ten foot… cable?) That said, I think it’s far more important to get people’s attention who might otherwise not realize how closely they need to pay attention to CVEs than it is to avoid hyperbole in headlines.

codechicago277 3 hours ago
Not if this is crying wolf and causing those same people to ignore the very real security risks with using OpenClaw.

DrewADesign 3 hours ago
How is 20% of users getting pwned “crying wolf” by any reasonable measure? This is a zero authentication admin access vulnerability.

codechicago277 an hour ago
Because 20% is not “probably got hacked” and overstates the problem for most users. That doesn’t mean this isn’t a critical vulnerability, and I think it’s insane to run OpenClaw in its current state. But the current headline will burn your credibility, because 80% of users will be fine with no action, and they’ll take future security issues less seriously as a result.

nickthegreek an hour ago
All the numbers you are using appear to be made up by the reddit poster. I say that as they provided no citation to them (for all I know they got them from an AI). I attempted to verify any of the numbers he used and could not. By exaggerating the numbers he is crying wolf.