Comment by debugnik

Comment by debugnik 4 days ago

6 replies

View on Hacker News

Fair, then I obviously think Xe may have a kinda misguided understanding of their own product. I still stand by the concept I stated above.

rhaps0dy 4 days ago

latest update from Xe:

> After further investigation and communication. This is not a bug. The threat actor group in question installed headless chrome and simply computed the proof of work. I'm just going to submit a default rule that blocks huawei.

Reply View 5 replies
  • scratchyone 4 days ago

    this kinda proves the entire project doesn't work if they have to resort to manual IP blocking lol

    Reply View 4 replies
    • troyvit 3 days ago

      It doesn't work for headless chrome, sure. The thing is that often, for threats like this to work they need lots scale, and they need it cheaply because the actors are just throwing a wide net and hoping to catch it. Headless chrome doesn't scale cheaply so by forcing script kiddies to use it you're pricing them out of their own game. For now.

      Reply View 0 replies
    • Aachen 3 days ago

      Doesn't have to be black or white. You can have a much easier challenge for regular visitors if you block the only (and giant) party that has implemented a solver so far. We can work on both fronts at once...

      Reply View 2 replies
      • 1gn15 3 days ago

        The point is that it isn't "implementing a solver", it's just using a browser and waiting a few seconds.

        Reply View 1 reply
        • Aachen 2 days ago

          That counts as something that can solve it, yes. Apparently there's now exactly one party in the world that does that (among the annoying scrapers that this mechanism targets). So until there are more...

          Reply View 0 replies