Lmst
Login
boosted:
Jeff Fortin T. (風の庭園のNekohayo)nekohayo
2025-03-21

Achievement unlocked: loaded a GNOME link that was pasted in a chatroom and triggered @cadey's "Anubis" anti-LLM-scraper protection catgirl with my genuine Firefox browser, and had to watch my CPU burn for a minute :blobmiou:

I regret to inform you that we have now entered the DEFCON 1 stage of the struggle against the LLMs "AI" bubble 🫠

What I don't quite understand is why the GitLab instance would put up this challenge to already logged-in users 🤔

Screenshot of an "Anubis" anti-scraper proof-of-work waiting page blocking immediate access to the GNOME GitLab instance. The waiting page features a catgirl saying, "Making sure you're not a bot!" and "Calculating…"Screenshot of an "Anubis" anti-scraper proof-of-work completed page, where the catgirl raises both thumbs up and exclaims "Success!" and states that my verification took 104980 miliseconds, with 1382644 iterations.
boosted:
Lumen DatabaseLumenDatabase@mastodon.world
2024-12-12

torrentfreak.com/piracy-shield
"Italy's Piracy Shield IPTV blocking system is back in the news today after yet another completely avoidable blocking blunder. On Monday night, yet another CDN IP address was added to the blocklist rendering innocent sites unavailable. Italian tech news site DDaY, a long-standing critic of Piracy Shield's indiscriminate blocking, was among those affected. "

fuggy3
2024-11-28

The irony is that by solving CAPTCHAs, we are effectively training bots to recognize them, even though they are designed to protect against automation. In trying to safeguard ourselves, we inadvertently empower the very systems meant to be kept at bay! 🤖🔒

fuggy3
2024-11-28

Решая капчу, мы по сути обучаем роботов решать капчу. Какова ирония. 🤖🔒

fuggy3
2023-07-27

Web Integrity API is a violation of user freedom. This is an absolute DRM.
news.ycombinator.com/item?id=3

fuggy3
2023-05-02

Lithuania: Students stop university from using only proprietary authentication
fsfe.org/news/2023/news-202304

boosted:
Mysk🇨🇦🇩🇪mysk@defcon.social
2023-05-02

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst