So, many banks issue a digital version of your banking card (whatever that may be) onto your personal devices, and many of these cards have the same card numbers + expiry date but a unique CVV number for online payments, which is different from the physical card.
Apparently many banks allow either the digital, or the on-card CVV number to be accepted when making an online purchase, meaning that a lot of bank cards with a corresponding digital version probably have 2 (or more) valid CVV combinations instead of a single one 🤔
=> More information about this toot | View the thread
A quick tl;dr for people with some of the main points
=> More information about this toot | View the thread
The loops.video instance has been submitted to #FediBlock with the reason being outlined below. I can't say I disagree, the terms of service presents a serious problem for user content rights, and this should be addressed before federation of loops.
Otherwise for the safety of your users I would highly suggest that instance admins defederate loops immediately once it comes online (assuming the TOS is not changed first)
https://bajsicki.com/blog/loops-video-terms/
=> More information about this toot | View the thread
Feeling cute, might fuck around and become a missionary for free and open technology later.
Catch me giving sermons on the street corner about the benefits of free software, and the need for open hardware to prevent the evil sins of corporate code that exploits the people!!
=> More information about this toot | View the thread
with how large the L3 and L2 caches have gotten in modern processors (up to 32MB L3 in common desktop CPUs!!!) I think it would be really funny to build a stripped down Linux kernel that can execute directly from L3 cache somehow...
I think Linux and CPUs have some way to pin RAM addresses into L3 cache permanently, might be worth messing with that and seeing if it can work lol
=> More information about this toot | View the thread
Interesting how the #Loops repo is marked as AGPL 3.0 code on GitHub, and yet the backend server being used by the loops app is actually running newer code which has not been released to the public yet.
This is a violation of the AGPL 3.0 license clearly displayed on the project's GitHub page, and all users who have interfaced with the Loops API are legally entitled to the updated backend source code too... where is the code? why are they so against just releasing the code in compliance with their own license already? smh
https://github.com/joinloops/loops-server
=> More information about this toot | View the thread
Wow, a single comment questioning @dansup@mastodon.social and I was immediately blocked, not even a discussion man? really?
their choice to keep calling loops "open source" while the code is closed, as well as the recent post about hiding federation features behind extra menus so all new users auto-signup to services controlled by him, is concerning for genuine reasons (although I'm sure he's already called me a troll or something)
This combined with the comments/jokes about "exploring" advertising for the loops platform is highly concerning, here you have somebody siphoning users into a single server they control, while developing an app they call open source without any code being available, who also thinks advertisements are a reasonable business model for the fediverse...
We could have just spoken about your views on this, but I suppose my ideas about FOSS and no advertising were too threatening lol
Think twice, or thrice, about actually signing up and supporting #Pixelfed or #Loops while dansup is behind them tbh
=> More information about this toot | View the thread
semi-regular reminder that captcha technology is almost universally useless, and bots complete almost all forms of captcha faster and more accurately than humans.
Stop using it.
https://techxplore.com/news/2023-08-bots-captcha-humans.html
=> More information about this toot | View the thread
I feel like the internet should be an independent national organization, independently regulated with its own rule of law and governance systems, letting national governments which are tied to specific populations and land areas control such an important shared global resource is misguided and morally/ethically wrong tbh
=> More information about this toot | View the thread
this random dude making garage style EDM is pretty awesome
https://youtu.be/RwUHizN6duw
=> More information about this toot | View the thread
I don't know which one of you needs to see this right now, but here you go....
RE: https://mstdn.business/users/carynroman/statuses/113525279805899817
=> More information about this toot | View the thread
new rule, if your password input box has a maximum length requirement that is either:
A) Far below industry minimum standards for basic security
OR
B) arbitrarily small without testing or considering the limits of the authentication system (e.g. hash speed & input truncation)
then you should be banned from doing business until it gets fixed, really there is no reason for services like a bank or fucking PAYPAL to have a maximum password length of 20 or less, it's bullshit
=> More information about this toot | View the thread
So I have a question for #cryptography fedi, since I have been re-reading details about the argon2i attacks and recent advancements in balloon hashing (and other memory hard algos)...
After looking into this for the last couple of days, is it reasonable to have come to the conclusion that even though argon2id is likely flawed in some ways (and significantly still has not been formally reviewed), it still ends up being the most secure choice compared to other things like scrypt and PBKDF2, no?
I feel like KDFs are having a really hard time lately, all the theoretically great ones are facing either side channel attacks or reductions to the memory hardness, I read a paper proving an attack against scrypt from USENIX 2023 as well smh
So I guess even though argon2id isn't great, with the proper tuning parameters it still ends up being more secure than the other options?
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
=> More information about this toot | View the thread
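The two toots above (the password length rant and the KDF question) both come down to what the server does with the password bytes it receives. The following is an added example, not code from the author of these posts, showing a length policy whose cap only bounds hashing cost, a model of the input-truncation failure the length rant refers to, and a memory-hard KDF run at the OWASP Password Storage Cheat Sheet's minimum scrypt parameters (N=2^17, r=8, p=1). It uses scrypt from Python's standard library because argon2id needs a third-party package; the 12/256 byte limits, the `$scrypt$N$r$p$salt$hash` record layout and the function names are assumptions of the example.

```python
"""Password-storage helpers: a length policy that is not arbitrarily tiny,
a model of KDF input truncation, and scrypt at OWASP minimum parameters
with constant-time verification."""
import base64
import hashlib
import hmac
import os

# Assumed example policy: far above the 20-character caps the toot complains
# about; the cap exists only to bound KDF cost on attacker-supplied input.
MIN_PASSWORD_BYTES = 12
MAX_PASSWORD_BYTES = 256

# OWASP Password Storage Cheat Sheet minimum for scrypt: N=2^17, r=8, p=1
# (about 128 MiB of memory per hash).
SCRYPT_PARAMS = {"n": 2 ** 17, "r": 8, "p": 1}


def check_policy(password):
    """Length policy measured in UTF-8 bytes, which is what the KDF sees."""
    size = len(password.encode("utf-8"))
    if size < MIN_PASSWORD_BYTES:
        return False, "too short"
    if size > MAX_PASSWORD_BYTES:
        return False, "too long"
    return True, "ok"


def truncating_digest(password, limit=72):
    """Models a KDF that silently ignores input past `limit` bytes (bcrypt
    does this at 72 bytes). SHA-256 stands in for the KDF core here."""
    return hashlib.sha256(password.encode("utf-8")[:limit]).hexdigest()


def truncation_collides(a, b, limit=72):
    """True when two different passwords hash identically because the KDF
    never looked past `limit` bytes: the input-truncation failure mode."""
    return a != b and truncating_digest(a, limit) == truncating_digest(b, limit)


def _scrypt(password, salt, n, r, p):
    # OpenSSL's default memory ceiling (32 MiB) is too low for N=2^17, r=8,
    # so maxmem is raised to what these parameters actually need.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          dklen=32, maxmem=2 * 128 * r * n + 1024 * 1024)


def hash_password(password, params=SCRYPT_PARAMS):
    """Returns a self-describing record: $scrypt$N$r$p$salt$hash (assumed layout)."""
    ok, reason = check_policy(password)
    if not ok:
        raise ValueError(reason)
    salt = os.urandom(16)
    dk = _scrypt(password, salt, params["n"], params["r"], params["p"])
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return "$scrypt$%d$%d$%d$%s$%s" % (params["n"], params["r"], params["p"],
                                        b64(salt), b64(dk))


def verify_password(password, record):
    """Re-derives with the parameters stored in the record and compares in
    constant time so a mismatch leaks nothing through timing."""
    _, algo, n, r, p, salt_b64, dk_b64 = record.split("$")
    if algo != "scrypt":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = _scrypt(password, salt, int(n), int(r), int(p))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    # 73-byte inputs agreeing on the first 72 bytes collide under truncation
    print(truncation_collides("a" * 72 + "x", "a" * 72 + "y"))
```

Storing N, r and p beside the hash is what lets the parameters be raised later without invalidating existing accounts: old records keep verifying with their old cost, and can be re-hashed at the new cost on the next successful login.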
there are a lot of weird devices sitting around using IPv4 mapped IPv6 addresses (::ffff/96) running wild stuff, and reaching out on IPv6 (but not the easily available IPv4??) addresses and attacking the rest of the internet apparently lol
=> More information about this toot | View the thread
TIL that systemd-analyze security works even for an unprivileged user on the system, easy way to identify potential privesc attacks on system services I guess 🤔
=> More information about this toot | View the thread
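To turn the `systemd-analyze security` observation above into something a reviewer can act on, here is an added example (not the author's code) that parses the tool's summary table and lists the units whose exposure score is high enough to deserve a sandboxing review. The sample table is constructed in the shape the tool prints (unit, 0-10 exposure score, predicate, smiley); the unit names and scores in it are made up, and the 7.0 threshold is an assumption of the example.

```python
"""Parses the summary table printed by `systemd-analyze security` and lists
the units with the highest exposure scores, worst first."""
import re
import subprocess

# Constructed sample in the tool's table format; names and scores are made up.
SAMPLE_REPORT = """\
UNIT                         EXPOSURE PREDICATE HAPPY
cron.service                      9.6 UNSAFE    😨
sshd.service                      9.6 UNSAFE    😨
cups.service                      7.8 UNSAFE    😨
systemd-logind.service            2.8 OK        🙂
systemd-resolved.service          2.2 OK        🙂
"""

# A row is: unit name containing a dot, a one-decimal score, a predicate word.
ROW = re.compile(r"^(\S+\.\w+)\s+(\d+\.\d)\s+(\S+)", re.M)


def parse_report(text):
    """Returns [(unit, score, predicate), ...] from the table text."""
    return [(unit, float(score), pred) for unit, score, pred in ROW.findall(text)]


def high_exposure(text, threshold=7.0):
    """Units scoring at or above `threshold`, worst first. These run with
    the fewest hardening directives and are where a review should start."""
    rows = [r for r in parse_report(text) if r[1] >= threshold]
    return sorted(rows, key=lambda r: -r[1])


def live_report():
    """Runs the real tool; as the toot notes, this works unprivileged."""
    return subprocess.run(["systemd-analyze", "security", "--no-pager"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for unit, score, pred in high_exposure(SAMPLE_REPORT):
        print(f"{unit:30} {score:4.1f} {pred}")
```

Running `high_exposure(live_report())` on a real host gives the same list for that machine; `systemd-analyze security <unit>` then shows which directives (PrivateTmp=, ProtectSystem=, CapabilityBoundingSet= and so on) are missing for each flagged unit.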
kind of sick of the crazy number of bruteforce bots attacking certain well-known IP ranges... I think I'll just run honeypots and put SSH on port 1337 from now on instead lol
=> More information about this toot | View the thread
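The IPv4-mapped IPv6 sources mentioned two toots up and the brute-force bots in the toot just above share one detection problem: the same host can appear in sshd's log as `::ffff:203.0.113.7` on one line and `203.0.113.7` on the next, and a per-address counter that does not fold them together under-counts. Here is an added example (not the author's code) that normalises the source address with Python's `ipaddress` module and counts failed logins per host. The log lines are constructed in sshd's syslog format using documentation addresses; the failure threshold of 5 is an assumption of the example.

```python
"""Counts failed SSH logins per source address from sshd log lines, folding
IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) onto their IPv4 form so a host
that shows up in both notations is counted once."""
import ipaddress
import re
from collections import Counter

# Constructed sample in sshd's syslog format; addresses come from the
# documentation ranges, hostnames and PIDs are made up.
SAMPLE_LOG = """\
Nov 20 03:14:07 host sshd[1201]: Failed password for invalid user admin from ::ffff:203.0.113.7 port 51122 ssh2
Nov 20 03:14:09 host sshd[1201]: Failed password for root from 203.0.113.7 port 51130 ssh2
Nov 20 03:14:11 host sshd[1202]: Failed password for invalid user oracle from ::ffff:203.0.113.7 port 51140 ssh2
Nov 20 03:14:12 host sshd[1203]: Failed password for root from 2001:db8::1 port 40001 ssh2
Nov 20 03:14:14 host sshd[1204]: Failed password for root from 203.0.113.7 port 51150 ssh2
Nov 20 03:14:16 host sshd[1205]: Failed password for invalid user test from ::ffff:203.0.113.7 port 51160 ssh2
Nov 20 03:15:00 host sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 55000 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port (\d+)")


def normalize_ip(text):
    """Canonical string form of an address; ::ffff:x.y.z.w becomes x.y.z.w."""
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def failed_logins(lines, normalize=True):
    """Counter of failed attempts keyed by source address."""
    counts = Counter()
    for line in lines.splitlines():
        m = FAILED.search(line)
        if m:
            src = m.group(2)
            counts[normalize_ip(src) if normalize else src] += 1
    return counts


def brute_force_sources(lines, threshold=5, normalize=True):
    """Sources with at least `threshold` failures, most active first."""
    counts = failed_logins(lines, normalize)
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    print(failed_logins(SAMPLE_LOG))
    print("flagged:", brute_force_sources(SAMPLE_LOG))
```

With normalisation the sample host reaches the threshold (3 mapped-form lines plus 2 plain ones); without it the two spellings are counted as separate sources and nothing is flagged, which is exactly how a naive blocklist or rate limiter lets a mapped-address source through.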
An attack on the internet archive is an attack on the internet itself, and should be stopped at all costs tbh
RE: https://infosec.exchange/users/patrickcmiller/statuses/113310192121079763
=> More information about this toot | View the thread
I once saw a senior teacher at an educational institute click past the MS office "execute embedded macros?" warning popup SO FAST that personally, as a computer expert, I did not process what she had done until several seconds after the machine was already compromised.
It was at this exact moment that I comprehended the sheer effectiveness of telling the user to disable their own security controls. The teacher had done this so often it was muscle memory.
I didn't even get time to read the warning.
=> More information about this toot | View the thread
thinking about how "oh this document won't verify, it always verifies, guess it must have broke let me manually accept it" is a thing I've seen several employees do at real businesses...
I think we should explain to people that just because your security system "always works" doesn't mean the one time it signals an error is a "mistake"... you're probably just looking at a security threat lol
=> More information about this toot | View the thread
=> This profile with reblog | Go to froge@social.glitched.systems account
This content has been proxied by September (ba2dc).