Slack Plugs Token Security Hole
Slack fixes a security loophole that opened hundreds of corporate Slack accounts to the public. Continue reading Slack Plugs Token Security Hole
Category Archives: credentials
OAuth 2.0 Resource Owner Password Grant – Handling of Access Token Upon Logging Out
I am new to OAuth 2.0. I used BShaffer’s OAuth PHP Server on Authorization Code Grant, and I understand that the client application can have its OAuth token separate from its session authentication, that is, if a user logs out, the access … Continue reading OAuth 2.0 Resource Owner Password Grant – Handling of Access Token Upon Logging Out
How secure is the Windows Credential Manager?
I’m a Lastpass user and many times I thought about switching to the Credential Manager, for auto sync and a certain comfort with the windows environment. The only thing that I’m worried about is its security. I heard that it’s quite easy f… Continue reading How secure is the Windows Credential Manager?
How can I manually add login credentials through the Windows Credential Manager?
For example I’d like to add the Steam login credentials, since the browsers won’t ask to save the password. Is there a way to do it manually?
If I choose to add a new windows credentials and put in the url form: store.steamp… Continue reading How can I manually add login credentials through the Windows Credential Manager?
How can I manually add login credentials through the Windows Credential Manager?
For example I’d like to add the Steam login credentials, since the browsers won’t ask to save the password. Is there a way to do it manually?
If I choose to add a new windows credentials and put in the url form: store.steamp… Continue reading How can I manually add login credentials through the Windows Credential Manager?
VU#344432: Patterson Dental Eaglesoft uses a hard-coded database password across installations
Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Continue reading VU#344432: Patterson Dental Eaglesoft uses a hard-coded database password across installations
Boom in Steam account hijacking is due to cheap Steam Stealers
With over 125 million active users, Valve’s Steam is the most popular online gaming platform in the world and, consequently, forms a huge pool of targets for cyber crooks and scammers. After all, Steam accounts contain users’ personal and payment info, as well as offer the opportunity to earn money by trading away items users have accumulated. “Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has … More → Continue reading Boom in Steam account hijacking is due to cheap Steam Stealers
Safe way to store credentials for an application
I want to use an API for one of the projects on which I am working. What’s the good practice/way to store the credentials required for the API? For example, I don’t want to later push the project into git with those details s… Continue reading Safe way to store credentials for an application
Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. “In Microsoft Windows networking, a domain is a group of computers that have registered with a central database known as the domain controller. Using a Windows component known as Active Directory (AD), network administrators can manage all user accounts, processes, … More → Continue reading Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Security flaw in iOS, Safari weird behavior or what else?
some months ago I was travelling and flew from Frankfurt airport and, while there, I probably connected to some Telekom.de free hotspot. I have an iPhone 6 with iOS 9.02 (at that time it was 8.1.x).
Couple days ago I looked … Continue reading Security flaw in iOS, Safari weird behavior or what else?