Blog Posts Tagged with "Login"
Recovering Login Sessions, Loaded Drivers, and Command History with Volatility
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
Comments (0)
Illinois Bars Employers from Obtaining Social Media Credentials
August 20, 2012 Added by:David Navetta
Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers...
Comments (1)
Yahoo and Billabong Password Dumps Analyzed
July 19, 2012 Added by:Dan Dieterle
Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...
Comments (0)
LinkedIn: Vulnerability in the Authentication Process
May 22, 2012 Added by:Pierluigi Paganini
This attack is possible due to an error in validating of the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...
Comments (0)
Treat Passwords Like Cash
May 14, 2012 Added by:Danny Lieberman
Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...
Comments (0)
Hackers Post Thousands of Twitter Account Logins
May 09, 2012 Added by:Headlines
Analysis of the data dump indicates that of the fifty-five thousand sets of account logins, around twenty-thousand were duplicates, and a large percentage were associated with accounts that were already suspended for violations of terms of service...
Comments (0)
Social Media Security 101
April 24, 2012 Added by:Joel Harding
EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...
Comments (0)
Disagreement on Password Vault Software Findings
April 12, 2012 Added by:Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
Comments (1)
The Top Forty Banks Targeted by the SpyEye Trojan
March 21, 2012 Added by:Headlines
Researchers from F-Secure released a list of the top forty banks targeted by SpyEye, one of the more powerful data-sniffing Trojans ever developed. The release of the SpyEye source code last year meant a dramatic increase in its application became a very real scenario...
Comments (0)
Twitter Finally Enables HTTPS as a Default Setting
February 14, 2012 Added by:Headlines
Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...
Comments (0)
How to Recover a Hacked Facebook Account
December 02, 2011 Added by:Robert Siciliano
At least weekly some stressed out victim of a Facebook hack a.k.a “account takeover”, contacts me to help them get their account back in order. While I do have a connection or two at Facebook, the victim of the hack is in the best position to fix it themselves...
Comments (0)
Sony Networks Compromised with Brute-Force Attack
October 12, 2011 Added by:Headlines
Sony Corporation have yet again been breached, compromising 60,000 PlayStation and 33,000 Online Entertainment accounts. The source of the attack is unknown, but reports in indicate that the infiltrators used login credentials from an unnamed third-party to gain access to the systems...
Comments (0)
Who's Logged In? A Quick Way to Pick Your Targets
October 04, 2011 Added by:Rob Fuller
Say you need to get your bearings quickly on an internal test and going into each shell and doing a PS, then looking through the list for all the users logged in is a definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aide you a bit with this...
Comments (0)
Usernames and Passwords Are Facilitating Fraud
September 30, 2011 Added by:Robert Siciliano
Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...
Comments (0)
Consumers Still Prefer Convenience Over Security
August 24, 2011 Added by:Headlines
"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right," an HSBC official said...
Comments (4)
UPDATE: Booz Allen Hamilton Issues Statement on Hack
July 12, 2011 Added by:Headlines
"Booz Allen Hamilton has confirmed today that the posting of certain data files on the Internet yesterday was the result of an illegal attack. We are conducting a full review of the nature and extent of the attack..."
Comments (5)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform