Google Simplifies Two-Step Verification
Google has simplified its 2-step verification feature with a basic prompt users can take advantage of as a second form of authentication. Continue reading Google Simplifies Two-Step Verification
Category Archives: credentials
VU#785823: Lantronix xPrintServer contains multiple vulnerabilities
The Lantronix xPrintServer and its accompanying cloud storage API contains several vulnerabilities. Continue reading VU#785823: Lantronix xPrintServer contains multiple vulnerabilities
Credential Stealing as an Attack Vector
Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that… Continue reading Credential Stealing as an Attack Vector
Slack Plugs Token Security Hole
Slack fixes a security loophole that opened hundreds of corporate Slack accounts to the public. Continue reading Slack Plugs Token Security Hole
OAuth 2.0 Resource Owner Password Grant – Handling of Access Token Upon Logging Out
I am new to OAuth 2.0. I used BShaffer’s OAuth PHP Server on Authorization Code Grant, and I understand that the client application can have its OAuth token separate from its session authentication, that is, if a user logs out, the access … Continue reading OAuth 2.0 Resource Owner Password Grant – Handling of Access Token Upon Logging Out
How secure is the Windows Credential Manager?
I’m a Lastpass user and many times I thought about switching to the Credential Manager, for auto sync and a certain comfort with the windows environment. The only thing that I’m worried about is its security. I heard that it’s quite easy f… Continue reading How secure is the Windows Credential Manager?
How can I manually add login credentials through the Windows Credential Manager?
For example I’d like to add the Steam login credentials, since the browsers won’t ask to save the password. Is there a way to do it manually?
If I choose to add a new windows credentials and put in the url form: store.steamp… Continue reading How can I manually add login credentials through the Windows Credential Manager?
How can I manually add login credentials through the Windows Credential Manager?
For example I’d like to add the Steam login credentials, since the browsers won’t ask to save the password. Is there a way to do it manually?
If I choose to add a new windows credentials and put in the url form: store.steamp… Continue reading How can I manually add login credentials through the Windows Credential Manager?
VU#344432: Patterson Dental Eaglesoft uses a hard-coded database password across installations
Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Continue reading VU#344432: Patterson Dental Eaglesoft uses a hard-coded database password across installations
Boom in Steam account hijacking is due to cheap Steam Stealers
With over 125 million active users, Valve’s Steam is the most popular online gaming platform in the world and, consequently, forms a huge pool of targets for cyber crooks and scammers. After all, Steam accounts contain users’ personal and payment info, as well as offer the opportunity to earn money by trading away items users have accumulated. “Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has … More → Continue reading Boom in Steam account hijacking is due to cheap Steam Stealers