Blog Posts Tagged with "Login"

50a3c69a961fe8acf7b68c430ab8c592

Convenience Comes at a Steep Price: Password Management Systems & SSO

July 12, 2017 Added by:Alexandre Cagnoni

Many consumers and businesses are flocking to the mirage of safety offered by password management firms, which are only as strong as their weakest link (often humans).

Comments  (0)

Fd7e078e5bfb68a4be33cbfac76f4f70

Recovering Login Sessions, Loaded Drivers, and Command History with Volatility

September 18, 2012 Added by:Michael Ligh

Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Illinois Bars Employers from Obtaining Social Media Credentials

August 20, 2012 Added by:David Navetta

Although privacy advocates and federal regulators and legislators have primarily been focusing on consumer privacy issues, such as behavioral advertising and data mining, the significant changes in workplace privacy protections demand continued vigilance from employers...

Comments  (1)

B64e021126c832bb29ec9fa988155eaf

Yahoo and Billabong Password Dumps Analyzed

July 19, 2012 Added by:Dan Dieterle

Wow, not one, but two massive password dumps in one day. Hackers leaked a very large number of Billabong and Yahoo passwords in plain text with no need to try to crack them. We looked at the passwords using the analysis tool Pipa, and here is what we found...

Comments  (1)

03b2ceb73723f8b53cd533e4fba898ee

LinkedIn: Vulnerability in the Authentication Process

May 22, 2012 Added by:Pierluigi Paganini

This attack is possible due to an error in validating of the security token (CSRF token) that allows an unlimited number of requests using the same token for different users. The only mechanism against the attack is a CAPTCHA challenge-response test after dozens of attempts...

Comments  (1)

959779642e6e758563e80b5d83150a9f

Treat Passwords Like Cash

May 14, 2012 Added by:Danny Lieberman

Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Hackers Post Thousands of Twitter Account Logins

May 09, 2012 Added by:Headlines

Analysis of the data dump indicates that of the fifty-five thousand sets of account logins, around twenty-thousand were duplicates, and a large percentage were associated with accounts that were already suspended for violations of terms of service...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Social Media Security 101

April 24, 2012 Added by:Joel Harding

EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Disagreement on Password Vault Software Findings

April 12, 2012 Added by:Brent Huston

Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

The Top Forty Banks Targeted by the SpyEye Trojan

March 21, 2012 Added by:Headlines

Researchers from F-Secure released a list of the top forty banks targeted by SpyEye, one of the more powerful data-sniffing Trojans ever developed. The release of the SpyEye source code last year meant a dramatic increase in its application became a very real scenario...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Twitter Finally Enables HTTPS as a Default Setting

February 14, 2012 Added by:Headlines

Among other security benefits, the HTTPS feature will prevent users from having their login credentials stolen by attackers who may attempt to harvest passwords when users access their accounts over unencrypted Wi-Fi networks...

Comments  (0)

37d5f81e2277051bc17116221040d51c

How to Recover a Hacked Facebook Account

December 02, 2011 Added by:Robert Siciliano

At least weekly some stressed out victim of a Facebook hack a.k.a “account takeover”, contacts me to help them get their account back in order. While I do have a connection or two at Facebook, the victim of the hack is in the best position to fix it themselves...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Sony Networks Compromised with Brute-Force Attack

October 12, 2011 Added by:Headlines

Sony Corporation have yet again been breached, compromising 60,000 PlayStation and 33,000 Online Entertainment accounts. The source of the attack is unknown, but reports in indicate that the infiltrators used login credentials from an unnamed third-party to gain access to the systems...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Who's Logged In? A Quick Way to Pick Your Targets

October 04, 2011 Added by:Rob Fuller

Say you need to get your bearings quickly on an internal test and going into each shell and doing a PS, then looking through the list for all the users logged in is a definitely not ideal. I wrote a quick script that you can throw in the Meterpreter scripts folder to aide you a bit with this...

Comments  (0)

37d5f81e2277051bc17116221040d51c

Usernames and Passwords Are Facilitating Fraud

September 30, 2011 Added by:Robert Siciliano

Here we are in 2011 and well over half a billion records have been breached. While not all of the compromised records were held by financial institutions or were accounts considered “high-risk”, many of those breached accounts have resulted in financial fraud or account takeover...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Consumers Still Prefer Convenience Over Security

August 24, 2011 Added by:Headlines

"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right," an HSBC official said...

Comments  (4)

Page « < 1 - 2 > »