Informations about SSL certificates and networks security
Auto Added by WPeMatico
Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here. Powered by WPeMatico
A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. … Read More “Vulnerability in the Kaspersky Password Manager” »
DiceKeys is a physical mechanism for creating and storing a 192-bit key. The idea is that you roll a special set of twenty-five dice, put them into a plastic jig, and then use an app to convert those dice into a key. You can then use that key for a variety of purposes, and regenerate … Read More “DiceKeys” »
It is amazing that this sort of thing can still happen: …the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long … Read More “Half a Million IoT Passwords Leaked” »
This study shows that most people don’t change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this … Read More “Password Changing After a Breach” »
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA’s security that it wasn’t able to keep Schulte out, … Read More “CIA Dirty Laundry Aired” »
It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices. The list, … Read More “Half a Million IoT Device Passwords Published” »
A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk. Denley says that the extension sends the private keys of all wallets created or managed through its … Read More “Chrome Extension Stealing Cryptocurrency Keys and Passwords” »
New details: At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company’s threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group … Read More “Iranian Attacks on Industrial Control Systems” »
Lots of them weren’t very good: BSD co-inventor Dennis Ritchie, for instance, used “dmac” (his middle name was MacAlistair); Stephen R. Bourne, creator of the Bourne shell command line interpreter, chose “bourne”; Eric Schmidt, an early developer of Unix software and now the executive chairman of Google parent company Alphabet, relied on “wendy!!!” (the name … Read More “Cracking the Passwords of Early Internet Pioneers” »