Items Tagged with "Passwords"
March 27, 2011 Added by:J. Oquendo
For those searching for password storage systems, there is no shortage of helpful and even free programs. There is also no shortage of documents explaining why or how to create strong passwords. However, what I noticed in most documents and even programs is their lack of creativity...
March 23, 2011 Added by:Ted LeRoy
The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...
March 22, 2011 Added by:Rob Fuller
I ran into the 'getvncpw' meterpreter script issue on pentests in the past but didn't know much about the whacked out version of DES that RFB (the VNC protocol) was using. Not being a fan of manually editing a binary and compiling each time, I had a password to crack I wanted to find another way...
March 22, 2011 Added by:Headlines
Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...
March 11, 2011 Added by:Brent Huston
You have to be sharp to see through a social engineering attack. The challenge is to retain that sharpness while in the midst of multiple tasks. Most of the time, the attacker will take advantage of a busy receptionist, a chaotic office, or tired staff when they try their dastardly deed...
February 28, 2011 Added by:Rafal Los
Take a look at the authentication scheme from a 360-degree view and see if the strong authentication 2-factor provides extends to all platforms (mobile device? HTML-only?). If not, then your account is protected by the lowest common denominator; for most sites that's a simple username and password...
February 23, 2011 Added by:Brent Huston
Passwords are the bane of every system administrator’s existence. Policies are created to secure organizations, but when enforced they cause people to have trouble coming up with the multitude of passwords necessary. As a result, people use the same passwords in multiple places...
February 22, 2011 Added by:Roman Yudkin
The burden of so many complex passwords is too high, especially if the user believes the odds of their credentials being stolen are small. Advice on choosing strong passwords and never re-using them is rejected as a poor cost/benefit tradeoff. No wonder users have bad password practices...
February 20, 2011 Added by:Rob Fuller
Brute force, even though it's gotten so fast, is still a long way away from cracking long complex passwords. That's where word lists come in handy. It's usually the cracker's first go-to solution, slam a word list against the hash, if that doesn't work, try rainbow tables...
February 12, 2011 Added by:Dan Dieterle
iPhone passwords may not be as secure as one might believe. According to German security researchers from the Fraunhofer Institute Secure Information Technology (Fraunhofer SIT), if you have physical access to the phone, passwords can be recovered from a locked Apple iPhone in six minutes...
February 10, 2011 Added by:Headlines
"Starting Thursday all Google users can choose to turn on a so-called 'two-factor authentication' feature, which will require them to type in a special, short-lived second password in addition to their normal password to get into their account..."
February 08, 2011 Added by:Headlines
Consumers know that leaving their Wi-Fi network open is not good, but the reality is that many have not taken the steps to protect themselves. Consumers can activate Wi-Fi security protections in a few simple steps, but much like the seatbelts in your car, it won't protect you unless you use it...
February 07, 2011 Added by:Rafal Los
Conferences are more than just going to interesting talks, meeting people, and attending after-parties. Sometimes, if the conference is really a gem - like ShmooCon - you actually learn something. After attending this year's conference, I think it relevant to share my thoughts...
February 03, 2011 Added by:Headlines
Facebook has made steady progress in their efforts to offer better security, but it remains the responsibility of account holders to make sure they are utilizing all of the security features. One allows members to monitor their profile for any unauthorized access to their Facebook account...
January 24, 2011 Added by:Headlines
"Website owners should declare if they store your passwords using strong hashing. This is a simple process and not any more expensive to implement, however unfortunately websites not using this method of cryptography is something we see all too often..."
January 22, 2011 Added by:Javvad Malik
You walk back to the office knowing full well, like hundreds of others in their office, they’ve forgotten their password. You then have to jump through 20 different hoops to identify yourself. Your name, ID number, user ID, your manager's name, your national insurance number… blah blah blah... Finally, you’re told that your password has been reset to Password123. Success? Nearly, becaus...