AI Framework Ray Doesn't Include a Single Security Feature(gabetocci.medium.com) |
AI Framework Ray Doesn't Include a Single Security Feature(gabetocci.medium.com) |
Security firm discovered that a number of people misconfigured their nodes and put them on public internet, which allowed anyone to run their code there.
The result somehow blames the ray.ai, rather than people who misconfigured servers. I wonder if the same researchers also used to also blame FTP server writers for allowing anonymous uploads...
(If you install a typical FTP server on an internet-accessible host, does that immediately enable anonymous uploads if you use the default configuration?)