credentials – Page 43 – WindowsTechs.com

XPCTRA financial malware leaves no stone unturned

Posted on September 26, 2017 by Zeljka Zorz

A Trojan that has previously been only stealing users’ banking credentials has been modified to do much more than that. This new variant, dubbed XPCTRA, can also steal users credentials for bitcoin cryptocurrency wallet Blockchain.info, online e-payment service PerfectMoney, e-wallet provider Neteller, as well as email credentials. The XPCTRA financial malware threat The threat was discovered and analyzed by Morphus Labs CRO (and SANS ISC incident handler) Renato Marinho, who says that the sample he … More → Continue reading XPCTRA financial malware leaves no stone unturned→

How to separate storing sensitive data and hash passwords?

Posted on September 22, 2017 by Icki

Scenario: I have a web application with an authentication system (classic). The application is basically an interface to a DB (MongoDB) which holds sensitive data. I properly hash the stored passwords.

Assuming hashing preve… Continue reading How to separate storing sensitive data and hash passwords?→

How to separate storing sensitive data and hash passwords?

Posted on September 22, 2017 by Icki

Assuming hashing preve… Continue reading How to separate storing sensitive data and hash passwords?→

HSM key management system on AWS/Azure

Posted on August 10, 2017 by skunkwerk

I need to store user database credentials securely for an application to access.

I have considered:
– using AWS RDS with an encrypted PostgreSQL instance
– using the AWS key management system, backed by a hardware security m… Continue reading HSM key management system on AWS/Azure→

Is There Any Real Benefit To Encrypting A Password Before Sending Over SSL [duplicate]

Posted on August 2, 2017 by yitzih

This question already has an answer here:

For an HTTPS web application, is it worthwhile to encrypt the password before POSTing it, to keep a MITM attacker from harversting it?

… Continue reading Is There Any Real Benefit To Encrypting A Password Before Sending Over SSL [duplicate]→

Under HIPAA, is it allowable to remember/store user credentials?

Posted on July 26, 2017 by prinz

My medical chat application is handling PHI, and it enforcing unique, secure logins which ensure that only authorized / appropriate people can access that data. For now, I implemented touchID Authentication with iOS. By this … Continue reading Under HIPAA, is it allowable to remember/store user credentials?→

751 domains hijacked to redirect visitors to exploit kit

Posted on July 14, 2017 by Zeljka Zorz

An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting the Rig Exploit Kit and delivering the Neutrino Bot. Discovery of the attack As reported by French domain registrar and web host Gandi, the attack started last Friday, and was made possible through use of compromised login credentials of one of the company’s technical partners (through … More → Continue reading 751 domains hijacked to redirect visitors to exploit kit→

Reasons to place a time limit on entering login credentials?

Posted on June 19, 2017 by BlueCompute

A service I use has a time limit (seemingly fairly short – 10-20 seconds maybe) on entering credentials at the login webpage. Attempting to login after this period gives the below message:

[For security reasons, users are required to enter their credentials within a given period. This period has been exceeded. We’d like to ask you to log in again.]

The page then refreshes and I can log in without issue.

What security concerns might this service be trying to address by requiring the login within a ‘given period’?

Continue reading Reasons to place a time limit on entering login credentials?→

Credentials in URL for Python "Requests" library

Posted on June 14, 2017 by Nitin_Ramesh

Will using the following code,result in credentials being passed in the URL?
I know it is a GET method.But how does the python requests library process this?
Does it attach it to the URL or attach it to the headers?

from req… Continue reading Credentials in URL for Python "Requests" library→

Credentialed scanning through SSH tunnel

Posted on June 7, 2017 by SilverlightFox

If I wish to run Nessus against a Windows server that is only accessible from another machine, I can setup an SSH tunnel like so:

ssh user@10.99.5.6 -L 127.0.0.1:445:10.0.0.45:445 -L 127.0.0.1:139:10.0.0.45:139

Then I would configure Ne… Continue reading Credentialed scanning through SSH tunnel→