Collaborate Disseminate
I’m developing some REST API that requires a HTTP basic auth to access. The APIs are written in Django, and the auth is based on Django auth middleware that is: it checks against the DB, the username and password. The passwor… Continue reading How to cache auth credentials to speed up authentication
At RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution. Bomgar Vault helps organizations secure, manage, and administer shared and sensitive credentials for privileged users and IT vendors, and improve security, compliance, and productivity by enabling security professionals and IT administrators to quickly find and gain control of privileged credentials, manage and rotate passwords, and securely use shared accounts. Bomgar Vault 17.1 is the first … More → Continue reading Remote credential rotation for distributed environments
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Continue reading VU#614751: Hughes satellite modems contain multiple vulnerabilities
In a situation where LDAP credentials get leaked but there is still an IP whitelist in place…
My gut feeling says this isn’t right; the credentials should be changed. Is this correct? What technical details can help me imp… Continue reading If LDAP credentials are leaked, is IP whitelist still sufficient protection?
I need to cache my user credentials in a shell script variable since they are required for multiple requests to a REST-API. It won’t be stored in the bash script file itself: user is prompted to enter credentials, and these will be reused … Continue reading How to securely store credentials in a bash variables?
I need to cache my user credentials in a shell script variable since they are required for multiple requests to a REST-API. It won’t be stored in the bash script file itself: user is prompted to enter credentials, and these w… Continue reading How to securely store credentials in a bash variables?
Debian developers are recommending that the Cryptkeeper Linux encryption app be pulled from the distribution after a universal password was found. Continue reading Ugly Password Gaffe Plagues Cryptkeeper Encryption App
I’m designing a webapp from ground up.
From a security standpoint, assuming in both cases I will be hashing with a salt, a peper and a proper hashing algorithm.
Am I better off storing the user credentials in a database t… Continue reading Storing user credentials in local file or database
Researchers recently identified a phishing campaign set up to lure unsuspecting Netflix users into giving up their credentials and credit card data.
Continue reading Netflix Phishing Campaign Targeted User Information, Credit Card Data
And not just your data, but also the data of government officials, lawmakers and diplomats Continue reading Yahoo breach: your account is selling for pennies on the dark web