password

  1. B

    Entering Passwords Physically and Programmatically?

    Hello, I am paranoid a bit when entering passwords online because I think that there might be sitting a keylogger on my PC despite Windows Defender saying all is good. What gives me peace of mind is alternation between physical keyboard typing and using built-in Windows On-screen Keyboard so I...
  2. cageymaru

    Facebook Employees Had Access to Millions of User Passwords Stored in Plain Text

    In a new blog post entitled "Keeping Passwords Secure" Facebook VP Engineering, Security and Privacy Pedro Canahuati explains how the social media giant accidentally stored Facebook user's passwords on internal data storage systems in plain text. Pedro explains how "these passwords were never...
  3. M

    Always have to retype saved password for it to connect to the server with RDP

    So I have a desktop with Windows 7 and a server with win server 2008r2. I have remote desktop setup with the username and password to connect to the server. Everytime it says something like authentication failed or something similar with the saved password, but if I type in the same password...
  4. cageymaru

    The Pentagon Wants to Replace Passwords with the Way You Move or Walk

    Steven Wallace is a system innovation scientist at the Pentagon's Defense Information Systems Agency, or DISA. In an interview with The Washington Post, he discussed smartphone technology that the Pentagon is testing that will authenticate smartphone owners by using "the gait of your walk, the...
  5. cageymaru

    Android Receives FIDO2 Certification to Usher in a World Without Passwords

    The FIDO Alliance has announced that compatible devices running Android 7.0+ are now FIDO2 certified. FIDO2 certification allows these devices to have simpler, stronger authentication capabilities as users can utilize the device's built-in fingerprint sensor and/or FIDO security keys for secure...
  6. cageymaru

    PremiSys IDenticard System Vendor Ignores Security Researcher Findings

    A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security...
  7. DooKey

    You Better Reset Your Twitter Password

    Just a couple of days ago we posted news of GitHub leaving some of passwords in plain text within the internal logging system. Guess what? It has happened again and Twitter is the culprit. According to a blog post explaining things they say that a bug left passwords in plain text within the...
  8. R

    GitHub Accidentally Stored Some Passwords in Plain Text

    Bleeping Computer is reporting that a select number of GitHub users were warned yesterday that due to a flaw in their password reset system, the company had stored their passwords in plain text on internal logs. According to GitHub's email, it's no big deal though because the plain text...
  9. R

    Samba Problem Lets Any User Change Admin Passwords

    The Register is reporting that "On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts." The problem is in all versions of Samba from 4.0.0 and newer where it...
  10. DooKey

    Hardcoded Password Found in Cisco Software

    Cisco is constantly releasing security advisories for their products, but the recent advisory has an interesting little tidbit about a hardcoded password. Believe it or not their Prime Collaboration Provisioning software app has a hardcoded password that can be exploited by a local attacker...
  11. R

    Hawaii Emergency Management Password Found In Press Photo

    After a false alert about an inbound missile, Hawaii's Emergency Management Agency has said a worker clicked the wrong item in a drop-down menu and sent it, and that its system was not hacked. But Hawaii News Now is reporting an AP photo from July has resurfaced, showing the agency's operations...
  12. DooKey

    PSA: Spotify Appears to Have Been Hacked

    Over at Reddit there has been message posted that Spotify account emails and passwords have been posted online. I know all of us here would never use the same password for multiple accounts, but if you accidently did and have a Spotify account you might want to go change it on other sites. You...
  13. Zarathustra[H]

    'Sorry, I've Forgotten my Decryption Password' is Contempt of Court

    The Register is reporting that the U.S. Third Circuit Court of Appeals today upheld a lower court ruling in which a man suspected of concealing child pornography was held in contempt after failing to successfully provide his decryption passwords for his external hard drives. This legal decision...
Back
Top