Ridiculous Captcha At Github To Reset Your Password Hacker News

There are 6 pictures with each having 4 dices. You have to add up the dice count and find the picture whose dice count is equal to 14. It starts with 5 rounds, but after that you have to complete 5 more rounds. You need more than 5 seconds to solve a round? That is too slow, you have to start from the start again. A colleague had to reset his password, and it took 3 people in the zoom call and 3 tries until we were able to solve the captcha.

How can anyone think that this is a good idea? I've always assumed that captchas like this are only used when they have already "Decided" never to let you in, so just feed you a constant stream of captchas to burn your time, and... I think Google & Yandex have the cruelty of gaslighting down to an science. It's one captcha after another, no matter if you solve it. Never-being-satisfied behavior is super familiar to anyone who's lived with an abusive narcissist. There was an error while loading.

Please reload this page. There was an error while loading. Please reload this page. After 5 or so tries of a dice sum captcha that asks me to select the dice that count up to 14, I fail because I can't do sums quickly under pressure. It's now impossible to reset the password for my forgotten account that I use for school/personal use. The original number of 5 questions extends to 10, even though my answers are all correct, just because I take too much time.

I believe, as well as other people, that either the implemented captcha system should not be terrible (1) - Users can be identified as "risky" (2) - Many people can't solve it , or... Beta Was this translation helpful? Give feedback. Hi there 👋🏼 Thanks everyone who gave feedback on this thread and others ❤️ This has been fixed, however, please continue to share feedback like this if you encounter anything similar! https://github.com/orgs/community/discussions/64625 South African threat actors known as 'Automated Libra' has been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining.

According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mixe 'freejacking' with the "Play and Run"... 'Automated Libra' was first exposed by analysts at Sysdig in October 2022, who named the malicious cluster of activity 'PurpleUrchin' and believed the group was devoted to freejacking operations. Unit 42 has dived deeper into this operation, analyzing over 250 GB of collected data and uncovering a lot more about the threat actor's infrastructure, history, and techniques. The threat actor runs automated campaigns abusing continuous integration and deployment (CI/CD) service providers, such as GitHub, Heroku, Buddy.works, and Togglebox, to set up new accounts on the platforms and run cryptocurrency miners in... In the world of internet security and data protection, ReCAPTCHA has long been a formidable barrier against automated bots and cyber threats. However, the constant battle between security measures and those seeking to circumvent them has paved the way for innovative solutions to bypass such obstacles.

GitHub, as a hub for developers and programmers, stands at the forefront of this ongoing discussion. This article delves into the realm of ingenious methods and strategies devised by tech-savvy individuals to crack the code of ReCAPTCHA. By exploring the diverse approaches and tools available on GitHub, readers will gain valuable insights into the evolving landscape of online security and the mechanisms employed to navigate through it. ReCAPTCHA is a widely used security measure on websites to prevent automated bots from accessing or submitting information. This technology presents users with challenges, such as identifying distorted text, selecting specific images, or solving puzzles, to verify that they are human. By providing these challenges, ReCAPTCHA distinguishes between genuine human users and malicious bots.

The underlying principle is to create tests that are easy for humans to solve but difficult for automated programs. Moreover, ReCAPTCHA constantly evolves to improve its security features. It utilizes advanced algorithms and AI technologies to analyze user interactions and behavior patterns, further enhancing its efficacy against bots. By continuously updating its challenges and algorithms, ReCAPTCHA stays ahead in the cat-and-mouse game with malicious entities seeking to bypass its defenses. Understanding the intricacies of ReCAPTCHA technology is crucial for developers and security experts aiming to safeguard their online platforms from automated attacks. By comprehending how ReCAPTCHA works and its strengths and limitations, individuals can better tailor their security strategies to protect against unauthorized access and maintain the integrity of their digital assets.

During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system, including yours. We have corrected this, but you'll need to reset your password to regain access to your account. GitHub stores user passwords with secure cryptographic hashes (bcrypt). However, this recently introduced bug resulted in our secure internal logs recording plaintext user passwords when users initiated a password reset. Rest assured, these passwords were not accessible to the public or other GitHub users at any time. Additionally, they were not accessible to the majority of GitHub staff and we have determined that it is very unlikely that any GitHub staff accessed these logs.

GitHub does not intentionally store passwords in plaintext format. Instead, we use modern cryptographic methods to ensure passwords are stored securely in production. To note, GitHub has not been hacked or compromised in any way. You can regain access to your account by resetting your password using the link below:: If you have any lingering questions or concerns about this, don't hesitate to let us know. You can reach us by emailing support@github.com or by using our contact form:

Despite my initial irritation, it's hard to fault them here, they had many other paths they could've chosen. I suspect many companies, upon determining the bug leaked information internally only in a relatively secure place, would've decided to just delete the offending logs and go on with their day. Enter your user account's verified email address and we will send you a password reset link. 1) User goes to BAD website and signs up. 2) BAD website says “We’ve sent you an email, please enter the 6-digit code! The email will come from GOOD, as they are our sign-in partner.”

3) BAD’s bots start a “Sign in with email one-time code” flow on the GOOD website using the user’s email. 4) GOOD sends a one-time login code email to the user’s email address. 5) The user is very likely to trust this email, because it’s from GOOD, and why would GOOD send it if it’s not a proper login?

People Also Search

• Ridiculous captcha at GitHub to reset your password | Hacker News
• "Forgot Password" Captcha Unnecessarily Hard - GitHub
• Ridiculous captcha at GitHub to reset your password
• Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month
• Cracking the Code: Ingenious Ways to Bypass ReCAPTCHA on GitHub
• I am supposed to solve 20 puzzles to create an account? : r/github - Reddit
• Tell HN: " [GitHub Security] Please reset your password" | Hacker News
• Forgot your password? · GitHub
• Emailing a one-time code is worse than passwords | Hacker News