Legitti
1.3K posts
Legitti
@Legitti
Crafting captivating audio, orchestrating grand compositions & designing sleek websites.
Katılım Mayıs 2011
420 Takip Edilen11.7K Takipçiler
¡PRAGMATA ya está disponible con #RTXON, path tracing y DLSS 4!
Para celebrarlo, sorteamos esta GeForce RTX 5090 personalizada con los personajes de Hugh y Diana, perfecta para la aventura que te espera en la Luna.
¿La quieres? ¡Escribe PRAGMATA RTX en los comentarios para participar!
Español
PRAGMATA ist jetzt #RTXON – mit Path Tracing und DLSS 4!
Zur Feier verlosen wir diese einzigartige GeForce RTX 5090 mit Hugh und Diana – perfekt für dein nächstes Abenteuer auf dem Mond.
Du willst sie haben? Schreib „PRAGMATA RTX“ in die Kommentare, um teilzunehmen!
Deutsch
Seasonal Profile Badges are coming for all players in Season 8.
Start on April 22 and progress your badge based on wins and level, to archive your Season's progress with a final badge shown on your profile.
English
Galaxy Fam 👋
Which device are you using right now? 👀
Let’s see the distribution 👇
English
Ghost Hunters, don't miss out on today's exclusive Galaxies Showcase Twitch Drop reward for #Phasmophobia.
Watch the show via the official Galaxies channels or a co-streamer for a total of 30 minutes to earn the Astronomer ID Card & Badge set.
More details on where to watch here: galaxiesshow.com
English
@Paul_Reviews Apart from the things you highlighted, why do users only have a certain number of age verifications available? Why does proof of age have an expiration date?
Once I'm over 18, I will always be over 18. I'm not turning any younger!
English
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews
.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..." I did. It didn't take long to find what looks like a serious #privacy issue. The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly. For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them. For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them. This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary. From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach. youtube.com/watch?v=4VRRri…
English
FINNISH OUTLET: StarSeries Fall 2026 to take place in Vaasa, Finland 🇫🇮
📅 September 17th - 20th
💰 $500,000 prize pool
📍 Vaasan Sähkö Areena
#esportsfi #cs2
Eesti
English
@EpicGames @alanwake So, so sad that Alan Wake 2 never came out on PC
English
@WinRAR_RARLAB @Zinny_Edmund Would be cool to know how many personal vs company licenses you sell per year
English
Data from internal Rockstar Games leak shows PS5 has 3x more players in Grand Theft Auto Online compared to Xbox Series X|S
English
