Open in app
Luke Young
43 Followers
About

Sign in

Open in app

·Pinned

How I built a click farm to “bypass” Cloudflare’s CAPTCHA killer with some cheap USB security keys, an Arduino, and a bit of python.

Any opinions stated here are my own, not necessarily those of any past, present, or future employer.

6 powered HyperFIDO keys connected to a USB hub and attached to a Arduino
6 powered HyperFIDO keys connected to a USB hub and attached to a Arduino

What is Attestation of Personhood?

Cloudflare recently published a blog post about a potential replacement for CAPTCHAs by utilizing signatures from hardware security keys and WebAuthn they are calling “Attestation of Personhood”. The post triggered a good bit of discussion online, particularly around the threat of automation mentioned near the end of the post:

Read more in better appsec · 9 min read

·Aug 2, 2017

·Aug 6, 2016

Here’s the slides and exploits from the DEF CON 24 talk in Las Vegas, NV. Video to follow in a few weeks.

Slides v1

drive.google.com

Update on the slides, these issues have all been resolved, the slides were not updated before upload to the DEF CON server

bored-engineer/ps-exploits

ps-exploits

github.com

bored-engineer/ps-splunk

ps-splunk - Splunk perfSONAR tools

github.com

·Jul 22, 2016

I decided to relaunch my blog with my recent domain name change. It’s unlikely I will migrate the old content, but look forward to my incoherent ramblings about security bugs and the state of the industry in the future.

Luke Young

I find bugs and exploit them. Sometimes for money, mainly for T-Shirts. https://www.linkedin.com/in/bored-engineer/

About

Write

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store