Zeth

294 posts

@0xZeth

Joined July 2024
125 Following, 7 Followers
Paul Moore - Security Consultant 
Bypassing #EU #AgeVerification using their own infrastructure. I've ported the Android app logic to a Chrome extension - stripping out the pesky step of handing over biometric data which they can leak... and pass verification instantly.

Step 1: Install the extension
Step 2: Register an identity (just once)
Step 3: Continue using the web as normal

The extension detects the QR code, generates a cryptographically identical payload and tells the verifier I'm over 18, which it "fully trusts". This isn't a bug... it's a fundamental design flaw they can't solve without irrevocably tying a key to you personally; which then allows tracking/monitoring. Of course, I could skip the enrolment process entirely and hard-code the credentials into the extension... and the verifier would never know.
Paul Moore - Security Consultant @Paul_Reviews

Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.

1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.

So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.

Other issues:

1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.

Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.

Ali IDRISSI@MacroPsychoKine·
@manniefabian But why are you ignoring the fact that this is the plan for underground terror tunnels in Arad, "Israel", used to attack Iran? Stop using settlers as human shields.
Emanuel (Mannie) Fabian@manniefabian·
The wounded toll of the Iranian ballistic missile impact in the southern city of Arad rises to 64, Magen David Adom says. They include seven people in serious condition, 15 in moderate condition, and 42 others lightly hurt, according to the ambulance service. MDA says it is continuing to scan the scene for additional casualties. The 64 victims are being taken to hospitals by dozens of MDA ambulances, as well as MDA and Israeli Air Force helicopters.
Faytuks Network@FaytuksNetwork·
WATCH: Israeli airstrike near RT reporter. RT reports its correspondent Steve Sweeney and a cameraman were wounded in an Israeli strike in southern Lebanon today. Lebanon’s state news agency says two journalists were lightly injured during an IDF strike on the al-Qasmiya bridge.
Dillon Mulroy@dillon_mulroy·
can't believe they renewed wordpress crash out for season 2
Faytuks Network@FaytuksNetwork·
BREAKING: Two U.S. KC-135 refueling aircraft were involved in an apparent accident during Operation Epic Fury, U.S. Central Command says. One tanker crashed in western Iraq while the second landed safely. The incident was not caused by hostile or friendly fire.
Zeth@0xZeth·
@Tom663978014096 @gannemans @VP @BillWhiteUSA Why would they need to give any info alongside it? That's why I hate reporting, just say whatever happened without any opinion on it. We don’t need ur opinion.
Tom@Tom663978014096·
@gannemans @VP @BillWhiteUSA Get your facts straight please. Publication was not forbidden. The CJD only ruled that the website should have provided info alongside the speech. They received no fines or bans, only a warning, and were required to post the CDJ's ruling on their website for two days.
Zeth@0xZeth·
@IditAbu Thank you ambassador. I hope the world sees what's going on in Belgium.
Ambassador Idit Rosenzweig-Abu
Apparently if a Belgian paper publishes “I would like ram a knife in the neck of every Jew I see” that’s “freedom of speech” But if a Belgian TV channel broadcasts the speech of vice president JD Vance - they get sanctioned. Go figure.
Zeth@0xZeth·
@stranger1434 @YoussefRaggi Why would they, Lebanon (Hezbollah) attacked first, you reap what you sow. Lebanon should've dealt with Hezbollah a long time ago.
Hana BK@stranger1434·
@YoussefRaggi Stand in solidarity with Cyprus but can’t stand in solidarity of your own country as you sit back and let israel invade? Do you think any EU country will stand in solidarity with Lebanon and try to protect it from israeli aggression?
Youssef Raggi@YoussefRaggi·
I called the Minister of Foreign Affairs of Cyprus, Konstantinos Kombos, to express my strong condemnation of the attacks targeting the island. I reaffirmed that Lebanon, as always, stands in solidarity with Cyprus in the face of any aggression against it. I also briefed him on the decision taken by the government during its emergency session and its determination to move forward with the decision to place all weapons under the authority of the state. 🇱🇧🇨🇾
Zeth@0xZeth·
@FaytuksNetwork So now it's possible without judicial approval?
Faytuks Network@FaytuksNetwork·
BREAKING: Lebanese Army moving into southern towns to seize Hezbollah equipment - MTV
ℏεsam@Hesamation·
isn’t this the same Jack Dorsey who over-hired by 40%-50% at Twitter back in 2021, then apologized after @elonmusk trimmed the fat, saying: “I grew the company size too quickly. I apologize for that.” why am i not surprised he laid off 40% of his employees yesterday.
Joseph Lyons@MyDeathMachine·
The fact banks still use ACH is insane. Transfers should be instant in 2026.
Zeth@0xZeth·
@Zeryther @theo It was good but idk what changed a couple days after release of 4.6
Theo - t3.gg@theo·
Just had to remind Opus 4.6 that env variables need to be read. Three separate times. And also remind it that it needs a package.json to have packages available. I don't know what they did but this is borderline unusable.
Joggie@0xjoggie·
@beaverd $90B from 0.16% of providers. extrapolate that and the total fraud number is genuinely terrifying. open sourcing the data and letting random people on twitter find it faster than the government ever could is peak 2026
Uday Yatnalli@udaysy·
@steipete the asymmetry wasnt new tho. low effort PRs always existed. ai just made the volume impossible to ignore. maintainers need review tooling that scales the same way contributor tooling did
Peter Steinberger 🦞@steipete·
"Just because a tool—whether a static analyzer or an LLM—makes it easy to generate a report or a fix, it doesn’t mean that contribution is valuable to the project. The ease of creation often adds a burden to the maintainer because there is an imbalance of benefit. The contributor maybe gets the credit (or the CVE, or the visibility), while the maintainer gets the maintenance burden." github.blog/open-source/ma…
GitButler@gitbutler·
Now GitButler has a CLI! Stacked and parallel branches, smartlog, simple commit editing, easy undo, json output to every command. And it just works in any Git repo. Check it out: blog.gitbutler.com/but-cli
Zeth@0xZeth·
@pankajkumar_dev What does this have to do with sonnet 5 and opus 4.6?
Pankaj Kumar@pankajkumar_dev·
Claude Sonnet 5 "Fennec" & Opus 4.6 Leaks
- Launch Crash: 4 separate outages on Feb 3rd confirm a failed deployment and forced rollback of the new models.
- Double Drop: Vertex AI logs reveal two hidden models permission-gated in the backend: claude-sonnet-5 and claude-opus-4-6.
- Leaderboard King: Leaked benchmarks show Sonnet 5 hitting a massive 83.3% on SWE-bench Verified, destroying the current meta.
- Fennec Agents: New "Claude Code" features spawn autonomous sub-agents (QA, Backend) that act as a full dev team in your terminal.
- Pricing Shock: Rumored to be 50% cheaper than Opus 4.5 while running significantly faster on Google TPUs.
- Countdown: v0 teased an announcement within "3-4 hours," signaling the fix is in and launch is imminent.
(Unverified leaks; treat timelines and benchmarks with caution.)
Zeth@0xZeth·
@iamdothash Would be cool to have a theme for zed! Zed’s Void
Bjarne Øverli@iamdothash·
On certain days, you choose the black void.
Bjarne Øverli@iamdothash·
It's been a while since I posted a theme. I finally found a great color combination with blueish tones. Not too weak, and not too vibrant. Pleasant to use for hours. What should we name it?