All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset .block1 { color: red; background-color: #3b3d37; border: 2px solid #17242b; margin: 2px; } .block2 { color: orange; background-color:

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords. Fourteen yea

How to protect your children from cyber threats The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though that the good old days of casual dress code in the office are now gone, being back to reality has some positives too.

The data breach notification website LeakBase reported to the colleagues at THN the Taringa data breach, over 28 Million users’ data exposed. Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics. The dat

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecos

A security research firm discovered that there’s an anonymous database containing more than 560 million passwords. The database is accessible on the Dark Web, and it is a compilation of information exposed by all major leaks over the last five years. It includes stolen account information from security breaches of LinkedIn, DropBox, LastFM, MySpace, Adobe, N

There was a lot of buzz about the leak of two huge databases of passwords a few days ago. This has been reported by Try Hunt on his blog. The two databases are called “Anti-Trust-Combo-List” and “Exploit.In“. If the sources of the leaks are not officially known, there are some ways to discover some of them (see my previous article abo

For years, Google is offering two nice features with his gmail.com platform to gain more power of your email address. You can play with the “+” (plus) sign or “.” (dot) to create more email addresses linked to your primary one. Let’s take an example with John who’s the owner of john.doe@gmail.com. John can share the email

Let’s face it: Authentication factors as we know them are not holding down the fort. The practice of providing something you know, something you have and something you are is failing, even when we are asked repeatedly to provide multiple factors of authentication. Passing Around Passwords Passwords are a dying breed. The excessive use of passwords, cou

It’s true that it’s easiest and most convenient to start using new devices or software with their default settings. But it’s not the most secure, not by a long shot. Accepting the default configuration without reviewing what it actually is could be dangerous to your company’s confidential information. The default settings are predetermined by the manufacture

http://www.pandasecurity.com/mediacenter/src/uploads/2017/02/facebook-two-step-verification-300x225.jpgWe’ve all been there. You get a new smartphone or computer, and you have to slog through all of your first-time logins by manually typing out usernames, passwords, etc. Sometimes it happens that one of your accounts has a particularly difficult password tha

Safeguarding your company’s confidential information, in many cases, calls for having your employees create and properly manage a series of passwords. Not only should they choose complex credentials, but they should also vary among themselves. And they definitely should not be saved in easily accessible places, like a text document. Password managers come in

Since passwords are a shared secret between a user and a system, a threat vector exists at both the client and the service provider. Experts have declared for years that the password alone was never considered a long-term solution for securely identifying a user, according to CNET. End users are finding it increasingly difficult to protect their passwords fr