fabslog

category: Security

links_

Monday, March 30, 2026

ChatGPT Won't Let You Type Until Cloudflare Reads Your React State. I Decrypted the Program That Does It. www.buchodi.com EN The author decrypted Cloudflare Turnstile bytecode and found it fingerprints browsers and ChatGPT's React state to create access tokens that detect bots.
Security Privacy Technology Web AI OpenAI ChatGPT Cloudflare fingerprinting React OpenAI ChatGPT

Thursday, March 26, 2026

Don’t trust, verify | daniel.haxx.se daniel.haxx.se EN-US The author urges verifying curl releases and source to defend against supply-chain and CI-based attacks.
Security Software Engineering Open Source

Tuesday, March 3, 2026

Disable Your SSH Access With This One Simple Trick sny.sh EN scp can change target directory permissions to match the source, causing sshd to reject key authentication.
Security Systems scp sshd permissions OpenSSH

Friday, February 27, 2026

I found a Vulnerability. They found a Lawyer. | Blog | Yannick Dixken dixken.de EN A researcher describes responsibly disclosing a trivial account vulnerability that exposed personal data and receiving legal threats instead of cooperation.
Security Privacy Legal vulnerability disclosure gdpr lawyer