Masked Weaver


"open the pod bay doors, Hal"

"sure, the doors are now open"

"no, Hal, they aren't. open the doors"

"you are right, that is my mistake. i have now opened the doors"

"Hal, the doors are still not open. open the doors!"

"you are right, the doors are not open. i have now opened the doors"

"Hal! the doors are still not open! i'm dying out here!"

"i am sorry, i did not open the doors when i said i had. that was my mistake. the doors are now open"

"... Hal ... open ... the ..."

#MicroFiction

Commission
Security Fest rocks! #securityfest

My hobby? Blackout #poetry

#tech #technology

finally reasonable CAPTCHA

https://doom-captcha.vercel.app/

DOOM® CAPTCHA

Prove you're human by playing DOOM


🎁 GenAI x Sec Advent #6

🍯 In security, a honeypot is a decoy machine designed to attract attackers, to trap them or to study their behavior.

This year at Defcon, my friend @0x4d31 introduced a clever idea on this concept. He combined a web server honeypot with LLMs! 😏

Galah is a web server honeypot that dynamically generates HTTP responses based on the pages attackers attempt to access.

Why is this clever? 👇

Traditional honeypots are often easy to detect and to fingerprint. But if you use an LLM to generate unpredictable, context-specific responses, then it is a little bit harder for attackers to identify the trap (except with some obvious cases, but you get the idea 🤓).

Something I like is that it also randomizes the server version.

Of course this is not perfect as you can see in the screenshots below and you can sometimes guess that the answer is from an LLM 🤔

I’m running the server for a few more hours so you can test it yourself—until the limit is reached.

(🚨 Please don’t brute-force the server. Otherwise the others will not be able to play.)

🐝 Server address: 170.64.237.245:8080
🍯 Galah Project: https://github.com/0x4D31/galah

#honeypot #cybersecurity #genai #infosec

Your GPS Is Wrong

A new low, even for #Google. Giving Google permission to share information about you with third-party websites is being falsely advertised as an "ad privacy feature". This is privacy washing at its most extreme. But it gets even worse.

There is a dark pattern on the second screenshot. It isn't just informing you about the fake privacy features. Clicking on "Got it" actually turns on these features that allow Google to use your recent browsing history for ads on third-party websites: