Gonçalo Ribeiro

@goncalor@infosec.exchange
344 Followers
443 Following
3.4K Posts
Defend. Pwn. Infosec. Free software. Vim nerd. #rustlang #electronics
websitehttps://goncalor.com
GitHubhttps://github.com/goncalor
Gonçalo Ribeiro11h ago
Show threadGJ Groothedde 🇪🇺6d ago
@selzero
Gonçalo Ribeiro11h ago
Show threadAdam R. Wood6d ago
@Eetschrijver @selzero Here's the first one (alt text took me awhile):
Gonçalo Ribeiro11h ago
Baklava Monster17h ago
Spotted a reverse engineering boutique at Zurich main station
Gonçalo Ribeiro11h ago
Information Is Beautiful12h ago

We are here

(by Dan Meth https://www.danmeth.com/)

Gonçalo Ribeiro14h ago
jwz3d ago

You MUST listen to RFC 2119.

Eric Bailey: It turns out you can just pay people to do things. I found a voice actor and hired them with the task of "Reading this very dry technical document in the most over-the-top sarcastic, passive-aggressive,...
https://jwz.org/b/ykqi

Gonçalo Ribeiro1d ago
CatSalad🐈🥗 (D.Burch) 1d ago
The world is cruel
therefore I won't be
Gonçalo Ribeiro3d ago
CatSalad🐈🥗 (D.Burch) 3d ago

Sometimes a women needs a hobby

🎨by techranova

Gonçalo Ribeiro3d ago
Bolha Progresso do Ano3d ago

🗓️ 02/07/2025

O ano está em:
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀ 50%

Gonçalo Ribeiro3d ago
BeyondMachines 3d ago
Strong Password Policy 101
Edit: for bonus points it messes with your OCD. There's a method to the madness
Gonçalo Ribeiro3d ago
AltonDooley4d ago

We use these signs at the museum when we pull a specimen from exhibit for study.

Someone on my staff attached this one to my office door. That’s the kind of people I hire, apparently.

#museum #MuseumLife

×
BeyondMachines Jun 16
#VibeCoding your MFA
Show threadJohndgeek 🌎Jun 16
@beyondmachines1 Talk about vibe coding the pipeline. 
Show threadSteffen VoßJun 16
@beyondmachines1 
Show threadAlerta! Alerta!Jun 16
@beyondmachines1 🤣
Show threadSherlock SchafJun 16
@beyondmachines1 🤪
Show threadBespoke Nonsense MachineJun 16
@beyondmachines1 all I see is hunter2
Show threadkaeJun 16
@beyondmachines1 chat is this real?
Show threadBeyondMachines Jun 16
@kae_bytheocean no clue. But I'm thinking Debug = True
Show threadMartin SchröderJun 17
@beyondmachines1
Even then: When would the frontend ever get the code?
@kae_bytheocean
Show threadBeyondMachines Jun 17
@oneiros @kae_bytheocean seemed like a great idea at development debug time 🤷
Show threadVincent SparksJun 22

@beyondmachines1

Where did you get this image from, if you didn't take the screenshot yourself?

Also, why did you assume it was vibe coding?

Show threadBeyondMachines Jun 22
@AVincentInSpace I didn't. It was shared with me.
And I'm truly hoping that it's vibe coding, the alternative is scarier.
Show threadVincent SparksJun 22
@beyondmachines1
The alternative is that it's a joke. Quit catastrophizing.
Show threadBeyondMachines Jun 22
@AVincentInSpace Sure, let's go with that.
Show threadVincent SparksJun 22

@beyondmachines1

I'm not going to accept that this is a public facing page without proof, and neither should you. In its current form, it is nothing more than ragebait. That you're spreading.

Show threadBeyondMachines Jun 22
@AVincentInSpace whatever helps you sleep better. 🫡
Show threaddzamieJun 16
"x0cx0x" sure is an interesting way to censor the first six digits of a phone number
Show threadEmber Jun 17
@dzamie not ai generated, just typical OCR errors (probably the OCR software included in mastodon)
Show threaddzamieJun 17
I suppose "ai" is just a synonym for "general-purpose LLM" these days, yeah
Show threadvita is something :3Jun 16
@beyondmachines1 i took like a whole minute to understand this T~T
Show threadNico ErfurthJun 16
@beyondmachines1 I fear it's real, isn't it?
Show threadKit 🏳️‍🌈🏳️‍⚧️🇺🇦Jun 16
@beyondmachines1 What application is that, smh? I'm not sure the people know the purpose of sending a code to your phone XD
Show threadThe Psychotic Network FerretJun 16
@beyondmachines1
Show threadsullybikerJun 16
@beyondmachines1 Oh dear god
Show threadOzzelotJun 16
@beyondmachines1
Perhaps it is the number of an entirely different code. 
Show threadBeyondMachines Jun 16
@ozzelot That is so evil
Show threadOzzelotJun 16
@beyondmachines1 The correct code has arrived at the phone and this is for internal use by people who have access to the DB and have no intention to bother with phones, I assume
Show threadBeyondMachines Jun 16
@ozzelot that's what we call a back door. And having a back door is always a bad idea.
Show threadOzzelotJun 16
@beyondmachines1
Well, if it weren't for little old security through obscurity, it would be a front door!
Show threadlunchyJun 16
@beyondmachines1 is this real?
Show threadBeyondMachines Jun 16
@lunch I'm putting my money on Debug = True
Show threadROTOPE~1 Jun 16
@beyondmachines1 2Fast 2FA 2Furious
Show threadJPeckJun 16
@beyondmachines1 really streamlines the authentication process
Show threadBeyondMachines Jun 16
@boscoandpeck we need HX, Hacker eXperience
Show threadJPeckJun 16
@beyondmachines1 😂 I can see the job listing now for a full stack hx developer
Show threadStanley Nerdlinger IIJun 16
@beyondmachines1
Wait. Let me get my phone.
Show threadJustin DerrickJun 16
@beyondmachines1 Your alt-text needs a little tweak, the 'xxx-xxx' looks a little messed up.
Show threadChief Master Sergeant Walter HJun 16
@beyondmachines1 Better UX, that.
Show threadBeyondMachines Jun 16
@chief everyone is happy. Customers, hackers, everyone!
Show threadAndy FletcherJun 16

@beyondmachines1 About 15 years ago I had a bank account in Qatar. They had SMS authentication for transfers.

The form asked you for your Qatar Id - easy as it was displayed at the top of the webpage then invited you to put in a phone number for the SMS authentication message to be sent to. You could use any phone number - your own, the wife or even a co-worker. I tried!

Show threadBeyondMachines Jun 16
@X31Andy I bet there are such implementations even now
Show threadDDJun 16
@beyondmachines1 LMAO 🤣
Show threadjbzJun 16
@beyondmachines1 accessibility feature here I come
Show threadOpenComputeDesignJun 16
@beyondmachines1 Please don't ask me how long I had to stare at this before I realized what was wrong 🤦
Show threadBeyondMachines Jun 16
@OpenComputeDesign like looking for my glasses while i'm wearing them 🤷‍♂️
Show threadimpossibleibex 🇺🇦Jun 16
@beyondmachines1 did you vibe code the alt text too?
Show threadBeyondMachines Jun 16
@impossibleibex Obviously, one has to be consistent
Show threadAvuton OlrichJun 16
@beyondmachines1 One step better, but still a hellscape, is when they're all individually typed, impossible to paste to, boxes.
Show threadMasonJun 16
@beyondmachines1 I don't get this please help 😭
Show threadDosFoxJun 16

@mason @beyondmachines1
It took me a minute - the code that is being sent as an SMS...

...is already displayed on the screen.

Show threadÖlbaumJun 16
@mason Apparently instead of just telling you it sent a code to your phone for verification, it also tells you the code, which defeats the purpose.
Show threadSpeed demon 🇪🇺 🇳🇴🇺🇦Jun 16
@oscherler They kept the phone-number hidden thogh, so it's not all bad. :-D @mason
Show threadMasonJun 16
@oscherler Oh now I just noticed haha
Show threadCharles P.Jun 16

@mason @beyondmachines1 « We sent the code 012345 to your phone, please check your phone and write down 012345 below. Remember, the code is 012345 »

Useful, don't even have to check my phone.

Show threadMonsieur RalphJun 16
@beyondmachines1 0 factor authentication
Show threadBeyondMachines Jun 16
@RalphBassfeld
Show threadMonsieur RalphJun 16
@beyondmachines1 😂