Collaborate Disseminate
I have received many security emails from LinkedIn over the past few weeks. An example is shown below (redaction mine)
I do not live in the USA and I did not try to access LinkedIn at the times these were received.
Two things suggested to… Continue reading Is it bad practice to prompt users to reset password when there is no evidence of a breach?
Our company is scaling back some helpdesk services and rolling out a self service password reset service from specopssoft.com, and I have been unable to locate what backup authentication methods they use. Does anyone know anything about th… Continue reading How secure is specopssoft.com password reset service? [closed]
I have noticed on most websites that all previous password reset links are automatically expired when a new one is requested.
Why is this so common and what are some possible consequences if this isn’t done?
Continue reading Should newly password links reset old ones? if so, why?
It has crossed my mind to include the requesting IP address in password reset emails. The intention being that if someone is receiving unexpected reset emails, this allows them to do a basic level of investigation. Ok, people can hide thei… Continue reading Pros & cons of including requesting IP address in password reset emails?
I’m doing some work for a government subsidiary in underdeveloped region in a developing country. (Giving this context to confirm that this is NOT FOR NEFARIOUS reasons).
I’ve got an email address like so dept@organization.gov.kr. Because … Continue reading How to find hosting site/login page for organization email [closed]
I am writing an application to do the following procedures automatically:
It resets (or change – I know the old password) Windows local Administrator password using net user Administrator *
After resetting Windows password, it encrypts a … Continue reading How to sync Windows password with current session after password reset? [migrated]
A friend has lost her iPhone and has forgotten her AppleID. There seems to be no way to find out what your AppleID is unless you have a Mac or iPad, which she doesn’t have.
She also has her Google account set as the recovery account for he… Continue reading Google – How to recover account [closed]
Scenario:
The setup is that each user has a randomly generated key A used for encrypting data stored on the server and a password-derived key B used to store A on the server without the server getting access to A. So the server stores the … Continue reading How could one use multi-factor authentication to derive a static secret key?
This is from the perspective of someone who had supposedly forgotten their password. We’re doing this project wherein we "secure" an application that was given to us. We added this "forget password" feature that allows … Continue reading When resetting password after forgetting it, why is there a need to notify "Password cannot be your previous password"?
I am currently working on a solution to at least try to implement a working/modern "change password" option to chntpw.
First of all: Windows uses this format in its hive file:
root@rescue /mnt/Windows/System32/config # samdump2 S… Continue reading How to generate actually valid NTLM hash for chntpw (for SAM hive file injection)