HackDig : Dig high-quality web security articles for hacker

Agent 1433: remote attack on Microsoft SQL Server

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attacks on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work
Publish At:2019-09-19 18:20 | Read:180 | Comments:0 | Tags:Research Backdoor Microsoft SQL Passwords Trojan

Some crypto challenges: Author writeup from BSidesSF CTF

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset
Publish At:2019-09-19 17:55 | Read:87 | Comments:0 | Tags:Conferences Crypto Passwords Tools

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13487 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Strong Passwords Don’t Have to be Hard to Remember

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords. Fourteen yea
Publish At:2017-09-29 22:40 | Read:3168 | Comments:0 | Tags:Security b2b passwords

Cyber Security Tips for Parents and Children

How to protect your children from cyber threats The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though the good old days of casual dress code in the office are now gone, being back to reality has some positives too.
Publish At:2017-09-05 17:15 | Read:8230 | Comments:0 | Tags:Mobile News Tips cybersecurity passwords Privacy

Taringa Data Breach, over 28 Million users affected

The data breach notification website LeakBase reported to the colleagues at THN the Taringa data breach, over 28 Million users’ data exposed. Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics. The dat
Publish At:2017-09-04 16:05 | Read:2533 | Comments:0 | Tags:Breaking News Data Breach Hacking Social Networks cracking p

Back to Basics: Six Simple Strategies to Strengthen Your Security Posture

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecos
Publish At:2017-06-16 08:15 | Read:3344 | Comments:0 | Tags:Risk Management Data Protection Passwords Patch Management S

More Than Half a Billion Passwords Compromised

A security research firm discovered that there’s an anonymous database containing more than 560 million passwords. The database is accessible on the Dark Web, and it is a compilation of information exposed by all major leaks over the last five years. It includes stolen account information from security breaches of LinkedIn, DropBox, LastFM, MySpace, Adobe, N
Publish At:2017-06-01 22:05 | Read:2479 | Comments:0 | Tags:Mobile News Security cybersecurity Hackers passwords

Your Password is Already In the Wild, You Did not Know?

There was a lot of buzz about the leak of two huge databases of passwords a few days ago. This has been reported by Troy Hunt on his blog. The two databases are called “Anti-Trust-Combo-List” and “Exploit.In”. If the sources of the leaks are not officially known, there are some ways to discover some of them (see my previous article abo
Publish At:2017-05-19 19:10 | Read:3235 | Comments:0 | Tags:Security Leaks Passwords

Identifying Sources of Leaks with the Gmail “+” Feature

For years, Google has been offering two nice features with its gmail.com platform to gain more power from your email address. You can play with the “+” (plus) sign or “.” (dot) to create more email addresses linked to your primary one. Let’s take an example with John who’s the owner of john.doe@gmail.com. John can share the email
Publish At:2017-05-13 15:50 | Read:3697 | Comments:0 | Tags:Security Dump Google leak Passwords

Trust, but Verify: Authentication Without Validation Is Naïve

Let’s face it: Authentication factors as we know them are not holding down the fort. The practice of providing something you know, something you have and something you are is failing, even when we are asked repeatedly to provide multiple factors of authentication. Passing Around Passwords Passwords are a dying breed. The excessive use of passwords, cou
Publish At:2017-04-04 23:50 | Read:3426 | Comments:0 | Tags:Fraud Protection Identity & Access Authentication Identity a

Default Settings, and Why the Initial Configuration is not the Most Secure

It’s true that it’s easiest and most convenient to start using new devices or software with their default settings. But it’s not the most secure, not by a long shot. Accepting the default configuration without reviewing what it actually is could be dangerous to your company’s confidential information. The default settings are predetermined by the manufacture
Publish At:2017-03-08 15:45 | Read:2668 | Comments:0 | Tags:Security default settings passwords security

Two Step Verification, and How Facebook Plans to Overhaul It

We’ve all been there. You get a new smartphone or computer, and you have to slog through all of your first-time logins by manually typing out usernames, passwords, etc. Sometimes it happens that one of your accounts has a particularly difficult password tha
Publish At:2017-02-24 20:15 | Read:3334 | Comments:0 | Tags:News delegated recovery Facebook passwords

Keychain, Apple’s Cloud-Based Tool That Safeguards Your Data

Safeguarding your company’s confidential information, in many cases, calls for having your employees create and properly manage a series of passwords. Not only should they choose complex credentials, but they should also vary among themselves. And they definitely should not be saved in easily accessible places, like a text document. Password managers come in
Publish At:2017-02-06 09:30 | Read:3171 | Comments:0 | Tags:Security Apple keychain passwords Cloud

Too Many Passwords: Is the End in Sight?

Since passwords are a shared secret between a user and a system, a threat vector exists at both the client and the service provider. Experts have declared for years that the password alone was never considered a long-term solution for securely identifying a user, according to CNET. End users are finding it increasingly difficult to protect their passwords fr
Publish At:2017-01-16 23:40 | Read:4238 | Comments:0 | Tags:Identity & Access Authentication Biometric Security Biometri

