Collaborate Disseminate
A new anti-spoofing feature is about to be introduced to Android which will make biometric authentication mechanisms more secure. As explained by Google: To keep users safe, most apps and devices have an authentication mechanism, or a way to prove…Re… Continue reading Android P to Get Better Biometrics against Spoofing Attacks
I just received a message via SMS that I bought something from an online shop with my credit card. The message reads like this (translated from German):
Your credit card purchase – please check: – shop lampe.de: – amount
… Continue reading Message telling me that I bought something with credit card
Let’s take an example where there are two resource servers – RS1 and RS2 and there is one authorization server – AS.
Both resource servers – RS1 and RS2 use authorization server – AS
If a client requests an access token for… Continue reading OAuth – How does the Resource Server validate the access token is not for any other Resource Server?
Suppose a desktop OS has a lock screen and fades and locks after inactivity. Suppose the default appearance and inactivity duration are well known (eg consider a default installation of some popular version of Linux). Is ther… Continue reading Fake lock screen in full screen browser window
Why users always fall for the lamest phishing scams is beyond comprehension, but hackers take advantage of this weakness and hide their scheming behind the usual fake prizes and too-good-to-be-true giveaways. This time, it was Adidas’ turn to fea… Continue reading Adidas fans hit by phishing scam
Today I was working on a project on my localhost ( I’m a web developer ), when I noticed Firefox is showing a message that means I need to login to my ISP before I can start browsing ( The notification bar that appears under … Continue reading Firefox directs me to strange chinese error page, is my security compromised?
Yesterday, in a bid to entertain myself for a while, I was playing around with DNS servers. I set up a DNS server locally, which I then set as my primary DNS server. Within it, I added some records that overrode what would ot… Continue reading How does faked DNS manage to downgrade preloaded HSTS?
My employer owns a Wordpress blog and I have an account with it used to submit blog posts. I have recently received a few password reset emails that link to an external site.
These emails appear to be from the authentic Word… Continue reading Fake WordPress reset password email with an external X-Google-Original-From header
I was creating a new bank account here in the US at HSBC’s popular online bank…
You know the step where you have to verify the account you’re sending from, by receiving two small test payments?
I was astounded to see HSBC have a new sy… Continue reading Bank asked for a cross login?
I started exploring hacking about two weeks ago. So far I’ve learnt quite a lot just experimenting and googling with Kali. Just now I’m looking into arp spoofing for mitm attacks. I discovered how you could bypass HSTS to red… Continue reading Is spoofing dead?