Category: authorization

Auto Added by WPeMatico

Device Code Phishing

Posted on By infossl
authentication, authorization, phishing, russia, Security technology, Uncategorized

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it … Read More “Device Code Phishing” »

Forging Australian Driver’s Licenses

Posted on By infossl
authorization, cars, encryption, forgery, Security technology, Uncategorized

The New South Wales digital driver’s license has multiple implementation flaws that allow for easy forgeries. This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the … Read More “Forging Australian Driver’s Licenses” »