General Musing

blaze your trail

Posts Tagged ‘password’

Spreading Passwords over Multiple Locations #security

“RSA’s new approach is a version of a technique known as threshold cryptography, which has long been explored by researchers.” They split the password into chunks and store the chunks over multiple servers.

http://www.technologyreview.com/news/429498/to-keep-passwords-safe-from-hackers-just-break/

To Keep Passwords Safe from Hackers, Just Break Them into Bits – Technology Review

Millions of passwords have been stolen from companies such as LinkedIn and Yahoo. A new approach aims to prevent future heists.

Written by Daniël W. Crompton (webhat)

October 10, 2012 at 3:26 pm

Posted in algorithm, database, security

Yahoo! Password Leak #security

Gina Smith writes about the Yahoo! password leak in TechRepublic and adds a link where you can check whether your password was leaked.

I changed my password as soon as I heard, and hope you did too. Luckily my password was not exposed in a form that Sucuri could detect. Even if you were not in the list you should change your password, as this could just have been a partial list and your password could still be floating around.

Written by Daniël W. Crompton (webhat)

July 13, 2012 at 7:56 pm

Posted in Uncategorized

Yahoo! Nooooooooo…. #security

*sigh* Yahoo! What did you do? Unencrypted passwords? Please tell me it isn’t so…

/me = speechless

Nearly Half a Million Yahoo Passwords Leaked – Slashdot

An anonymous reader writes “Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective “D33Ds Company” following the compromise of a Yahoo subd…

Written by Daniël W. Crompton (webhat)

July 12, 2012 at 2:46 pm

Posted in Uncategorized

Formspring Passwords Lost

Formspring managed to add itself to the list of companies to mishandle their users’ accounts and lose 420,000 passwords. Unlike LinkedIn, by all accounts, they handled it gracefully and informed their users quite quickly. Additionally, unlike LinkedIn, they disabled all passwords for all the accounts, which is exactly what you should do if a breach is discovered, whether the passwords are salted SHA-256 hashes or plain text. The hash is merely a delaying mechanism: it buys a window of time within which the vendor needs to have discovered the security incident.

Something Formspring did not do is ask users who use Twitter or Facebook OAuth to create a password when they sign up. Many sites do this to ensure that their users can log in without FB or Twitter. This means that I did not need to change my password, as I only had my FB and Twitter accounts linked as my MAIN and only form of identification.

Written by Daniël W. Crompton (webhat)

July 12, 2012 at 12:34 pm

Posted in Uncategorized

Scandalous Insights

LinkedIn says in their blog: We are working hard to protect you, but there are also steps that you can take to protect yourself, such as:

  • Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months.
  • Do not use the same password for multiple sites or accounts.
  • Create a strong password for your account, one that includes letters, numbers, and other characters.
  • Watch out for phishing emails and spam emails requesting personal or sensitive information.

LinkedIn, you could make it easier for your users to perform these tasks: you could auto-expire passwords, show a strength indicator, and even verify with other sites that they don’t use the same password (log in with the credentials given). You could even implement SPF, DKIM, etc. correctly to make your mail better. You don’t implement this security for UX and marketing reasons; instead you implement security that stops your users from being able to use your site better.

You don’t; instead you piss on your less tech-savvy customers and place part of the blame on them. I’ve offered multiple times to come and help you fix your stuff – free.

I’m sorry that you are idiots! And my offer still stands.

Taking Steps To Protect Our Members

Written by Daniël W. Crompton (webhat)

June 8, 2012 at 6:56 pm

Password Leak June

Today for you in Password Leak June: Last.FM

After earlier news that LinkedIn and others leaked passwords this week, Last.fm marketeers must have been wondering how they too could increase brand awareness.

Clearly this is a new meme, so much safer than planking. Although I will be skipping it as I like to have halfway decent software as a starting point.

Adrianus Warmenhoven
And now Last.fm has leaked passwords:

http://www.last.fm/passwordsecurity

Last.fm Password Security Update – Last.fm

The world’s largest online music catalogue, powered by your scrobbles. Internet radio, videos, photos, stats, charts, biographies and concerts.

Written by Daniël W. Crompton (webhat)

June 8, 2012 at 3:28 pm

Posted in Uncategorized

6 Months of Security Links #2011

I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly as there are some good sources and articles in here and as I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know. 🙂

Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging

This year’s articles about programming #2010

Programming Hands

In 2010 I was less focused on programming articles on the blog than in previous years; still, I managed to create some interesting articles with code in 2010. This is an overview of the activity:

Having some fun today with QR codes, JavaScript and the Google Analytics URL …

The only questions that are asked in the Daily Scrum, aka Stand-Up, are: What…

UPDATE: GMail has introduced my number 3. YEAH! (Gmail introduces Priority In…

I like YouTube, and often subscribe to new channels and unsubscribe after a w…

Since I started working for my company I’ve been exposed to PCI DSS (Pa…

I don’t understand why url expansion after url shortening is such an is…

VeriSign – Personal Identity Portal is a OpenID provider with multiple …

Image source D’Arcy Norman

VeriSign PIP Browser Certificate workaround (PIN Request) #identity #openid

VeriSign – Personal Identity Portal is an OpenID provider with multiple-factor identification: Password +

  • Mobile Credential (phone or mail PIN)
  • Account Information Card (can be used by applications such as Microsoft CardSpace)
  • VeriSign browser certificate
  • VeriSign Identity Protection (VIP) Credential (Physical Token)

As I have a browser certificate linked to my old browser and couldn’t log in with my current browser, I had to figure out a workaround for when I don’t have the browser certificate: PIN Request. On the page that does the browser certificate request there is a hidden link to get a PIN sent by mail or mobile, which you can find here.

Hope that helps you.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 7:24 pm

Could your keyboard spy on you?

I saw a cool article on /. about “…small devices called “JitterBugs” could piggyback onto network connections to discreetly send passwords and other sensitive data over the Internet.”

I’m not too worried, a computer which can be accessed by any other person besides the owner is suspect anyway.

Written by Daniël W. Crompton (webhat)

August 8, 2006 at 5:55 pm

Posted in security
