Hacking, InfoSec and Password Management

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Encryption Risk

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management

Password Management Passwords Accountability Phishing

"Pwned", the Book, is Finally Here!

Troy Hunt

SEPTEMBER 8, 2022

Captivating stuff, apart from infosec, you really feel as though you’ve been taken on a journey with Troy through the years of living in paradise a.k.a. Troy Hunt takes us on his life journey, ups and downs, explaining how haveIbeenpwned came to be, raising awareness of the world’s poor password and online security habits.

InfoSec

InfoSec Password Management Passwords IoT

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Xbash gets rolling by infecting one device, which then serves as the launch pad for deeper hacking forays limited only by the attacker’s initiative. Use a password manager.

Passwords

Passwords Password Management Internet Internet

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

I seem to be doing most of that activity now on Mastodon , which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. It emerges that email marketing giant Mailchimp got hacked. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

More at: [link] #cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/hNwDHFaPtt — CISA Cyber (@CISACyber) March 10, 2023 “This issue allowed an attacker with access to the server administrator’s Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. .”

Media

Media InfoSec Password Management Engineering

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

SC Magazine

MARCH 2, 2021

House Oversight and Homeland Security committees last week, SolarWinds’s former and current CEOs blamed an intern for creating a weak FTP server password and leaking it on GitHub – an act which may or may not have contributed to a supply chain hack that impacted users of the tech firm’s Orion IT performance monitoring platform.

Passwords

Passwords Password Management CISO InfoSec

The 7 Biggest Cybersecurity Scoops from February 2015

SiteLock

AUGUST 27, 2021

One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. The Infosec Institute recently wrote a topic on the subject, which can be read here. Worst Passwords of 2014. Below are 7 trending cyber security stories that you should read for February 2015.

Passwords

Passwords Cybersecurity Internet Internet

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a horrible product due to lack of proper R&D and Threat Modeling. Passive Recon & OSINT: First of all (even without attempting to open the token) we can immediately notice our best-hardware-hacking-friend: the FCC ID.

Firmware

Firmware Passwords Password Management Encryption

Why Human Input Is Still Vital to Cybersecurity Tech

SecureWorld News

APRIL 17, 2022

Now, instead of having to remember all of your passwords, you simply need to set a strong password (which will be much harder to hack) and your browser will remember it for you. This went a step further with the rise of profiles, such as Google Accounts, which can remember passwords across multiple devices.

Cybersecurity

Cybersecurity Passwords Technology Password Management

Personal Cybersecurity Concerns for 2023

Security Through Education

JANUARY 18, 2023

Perhaps we thought, who would want to hack a completely unknow person like me? The Cybersecurity & Infrastructure Security Agency , lists the following 4 steps to protect yourself: Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked. Update your software.

Cybersecurity

Cybersecurity Social Engineering Scams IoT

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

The Security Ledger

MAY 8, 2019

Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. Also: we continue our series on life after the password by speaking to Ian Paterson, the CEO of behavioral authentication vendor Plurilock. The post Episode 145: Read the whole entry. »

Passwords

Passwords Password Management Authentication InfoSec

The Hacker Mind Podcast: Hacking the Art of Invisibility

ForAllSecure

MARCH 1, 2022

I mean, there are so many positive stories about people who are hacking for a living and doing good things because of it. Vamosi: Within InfoSec there's an informal use of AppSec as well. Welcome to the hacker mind that original podcast from for all secure it's about challenging our expectations about the people who hack for a living.

Hacking

Hacking Mobile Cryptocurrency VPN

OAuth: Your Guide to Industry Authorization and Authentication

eSecurity Planet

APRIL 20, 2021

Manages permissions. Maintained by infosec teams. Manages identifying information. Also Read: Protecting Against Solorigate TTPS: SolarWinds Hack Defenses. Also Read: Best Password Management Software & Tools. The below table touches on the critical differences: Authorization (OAuth).

Authentication

Authentication Mobile Accountability Encryption

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys.

Software

Software Passwords Internet Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. — Dave Kennedy (@HackingDave) July 15, 2020.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Generated Passwords, UX and Security Absolutism

Troy Hunt

DECEMBER 10, 2019

The service was obviously rather popular because within days the tech (and mainstream) headlines were proclaiming that thousands of hacked Disney+ accounts were already for sale on hacking forums. There's a fundamental flaw in the logic which I summarised as follows: If the site generates a password, how do you store it?

Passwords

Passwords Password Management Accountability Authentication

Cyber Security Informer

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Trending Sources

"Pwned", the Book, is Finally Here!

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Happy 13th Birthday, KrebsOnSecurity!

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

SolarWinds blaming intern for leaked password is symptom of ‘security failures’

The 7 Biggest Cybersecurity Scoops from February 2015

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Why Human Input Is Still Vital to Cybersecurity Tech

Personal Cybersecurity Concerns for 2023

Episode 145: Veracode CTO Chris Wysopal and Life After Passwords with Plurilock

The Hacker Mind Podcast: Hacking the Art of Invisibility

OAuth: Your Guide to Industry Authorization and Authentication

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Top Cybersecurity Accounts to Follow on Twitter

Generated Passwords, UX and Security Absolutism

Stay Connected