Collaborate Disseminate
There are lots of resources discussing the security of fingerprints but I haven’t been able to find the answer to a very basic question.
In the simplest possible password authentication scenario, the password is sent from the client to the… Continue reading how does fingerprint authentication work without trusting the client device?
We’ve all certainly heard about the widely overhyped BadUSB exploits on the Physon microcontrollers.
There’s certainly a high potential of gaining something by targeting such a specific device, which is designed to only contain secrets.
Ev… Continue reading What security measures does YubiKey take to secure its hardware from malicious firmware tampering? [closed]
I’m asking this question because almost all new websites ask us to click Accept Cookies button. So I click it reluctantly.
I am afraid that the Accept Cookies button action would trigger some script written on that website or its server th… Continue reading Can a website access your browser password vault using a button that the user clicks? [duplicate]
These techniques are not new, but they’re increasingly popular:
…some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.
[…]
Methods include:
- Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
…
Hey so am new to pentesting and I learnt that using https makes the traffic encrypted so hackers cannot decipher credentials passed in a body for example in a login page or read the traffic properly. So I was practicing with both GET and P… Continue reading Credentials in a POST body over https are visible
It’s common knowledge that one shouldn’t login to personal or bank accounts on public wifi such as in a starbucks or a hotel. However, assuming that the connection is HTTPS and the passwords itself are encrypted, how is it not secure? Beca… Continue reading If the connection is encrypted, is it still unsafe to login at a public network?
Cybersecurity asset management does not come with the excitement following the metaverse, blockchain, or smokescreen detection technologies, but it is essential for the protection of corporate infrastructure. It is no secret that just one vulnerable, u… Continue reading The security gaps that can be exposed by cybersecurity asset management
Password reset According to Forrester, a single password reset can cost an organization $70. As eye popping as that figure may be, it pales in comparison to organization wide password reset costs. Gartner estimates that up to 40% of all helpdesk calls … Continue reading Product showcase: Specops uReset SSPR solution
You create an account on an online service X with login=your email + password. Compare these 2 situations:
No 2FA enabled. The only risk is if your email is compromised: the "I lost my password" feature can be used, and then the… Continue reading Doesn’t 2FA increase the vulnerability of an account?
I’ve seen multiple sources online that say that unlock patterns are less safe than ‘random’ PINs.
I was thinking; how come?
From what I see, they would both be just as secure; you chose different points on a grid, in a certain order, and t… Continue reading Shouldn’t patterns be just as secure as PINs?