I published the following diary on isc.sans.edu: “Use Your Browser Internal Password Vault… or Not?“: Passwords… a so hot topic! Recently big players (Microsoft, Apple & Google) announced that they would like to suppress (or, at least, reduce) the use of classic passwords. In the meantime, they remain the most common
Waiting for the new year party, this is a last quick post in 2014! It’s not the first time that I see a peak of rogue authentication requests against some of the WordPress websites. But for a while, there is a constant flood of IP addresses trying to bruteforce the WordPress login
Aaaaah… Passwords! Why write a blog article about them. Everything has alreay been said about passwords. Everybody hates them because they are hard to remember, because we should change it regularly, because we have way too much of them. They are often present in security awareness campaign (see the article
Today was a bad day for Skype Microsoft: A vulnerability was discovered on the Skype website which allowed an attacker to hijack the account of a Skype user. The Skype client itself (the software) is not affected. When successfully performed, the account was not only stolen but, worse, it looks
The idea of this post came after I read another blog post from Light Blue Touchpaper. Picking a good password is a never-ending story. You can find multiple recipes, tips & tricks. One of the way, also promoted by Google is to create passwords based on quotes or common sentences.
A few days ago, a buzz hit the information security landscape. /. relayed a BBC article announcing that a new French decree will make hashed passwords illegal. Really? Honestly, when I read this, I also twitted about it. For security professionals, it looks totally unacceptable! Now, the buzz seems over
All good pentesters have their own “survival kit” with a lot of tools and scripts grabbed here and there. Here is a new one released a few days ago: FacebookPasswordDecryptor. “FacebookPasswordDecryptor – small, simple, free, and yet truly reliable application that helps you recover stored Facebook account passwords, quickly and
A “Wall of Shame” or “Wall of Sheep” is a real-time demonstration application which searches for non secured (read: sent in clear text) login/passwords sent through a network. One of the well-know wall of sheep is the one operated every year during the Defcon conference in Las Vegas. A few
This frozen picture comes from a reportage broadcasted today by TF1, a major French television channel. On the white board behind the women, we can clearly read an URL and the associated credentials. This a excellent example of “don’t do this” to be used during security awareness trainings! Source: zataz.com
User authentication… If there is a long and never ending story, it is definitively this one! All of us have plenty of passwords to write on post-its keep in mind. They are several ways to increase the user authentication safety. By forcing very difficult passwords and learn them, by using
