passwords   14141

Who's using 2FA? Sweet FA. Less than 1 in 10 Gmail users enable two-factor authentication
“less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also pointed out that a Pew study in 2016 showed only around 12 per cent of web users have a password manager to protect their accounts.”
2fa  security  gmail  surveys  passwords 
yesterday by cote
Flaw In Major Browsers Allows 3rd-Party Scripts to Steal Your Saved Passwords
Security researchers have uncovered how marketing companies have started exploiting an 11-year-old bug in browsers' built-in password managers, which allows them to secretly steal your email address for targeted advertising across different browsers and devices.
The major concern is that the same loophole could allow malicious actors to steal your saved usernames and passwords from browsers without requiring your interaction.
Every modern browser—Google Chrome, Mozilla Firefox, Opera or Microsoft Edge—today comes with a built-in easy-to-use password manager tool that allows you to save your login information for automatic form-filling.
advertising  browser  passwords  privacy  security  tracking 
5 days ago by rgl7194
Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.
This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.
Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. Because of the way the login managers work, the browser will fill these fields with the user's login information, such as username and passwords.
advertising  browser  passwords  privacy  security  tracking 
5 days ago by rgl7194
Probable-Wordlists/Real-Passwords at master · berzerk0/Probable-Wordlists

Their length is in their title.

These have had duplicates removed since the initial release.

I generated files by the number of times each line appeared in my analysis. Files are available for 75, 50, 25, 10, and 5 appearances.

Top 196 - appeared at least 75 times - these are the MOST common passwords

Top 3575 - appeared at least 50 times

Top 95 Thousand - appeared at least 25 times

Top 32 Million - appeared at least 10 times

Top 258 Million - appeared at least 5 times

Top 2 Billion - appeared at least 2 times
security  passwords  analysis 
5 days ago by rsgranne
Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works | The Mac Security Blog
You need passwords to log into websites and services, and it's hard to remember them. Since it's a bad idea to use the same password for each different website — because if one site is compromised, hackers will have an email address and password that they can try on other sites — you need to ensure that your passwords are different, and hard to crack. (A recent episode of the Intego Mac Podcast talks about password strategies.)
Your Macs and iOS devices have a "keychain," which is an encrypted file that stores your passwords and some other information. This file syncs via iCloud, so you can use the same passwords on all your devices. Here's how Apple's iCloud keychain works.
passwords  ios  mac  sync  privacy  security  tutorial  icloud 
5 days ago by rgl7194
Your web browser's password manager is helping ad companies track you across the web | iMore
The Same Origin Policy has one fatal flaw, and of course, ad companies have found a way to exploit it.
There are a few things you'll hear in every conversation about internet security; one of the first ones would be to use a password manager. I've said it, most of my coworkers have said it, and chances are you've said it while helping someone else sort out ways to keep their data safe and sound. It's still good advice, but a recent study from Princeton University's Center for Information Technology Policy has found that the password manager in your web browser you might use to keep your information private is also helping ad companies track you across the web.
It's a frightening scenario from all sides, mostly because it's not going to be easy to fix. What's happening isn't the stealing of any credentials — an ad company doesn't want your username and password — but the behavior a password manager uses is being exploited in a very simple way. An ad company places a script on a page (two called out by name are AdThink and OnAudience) that acts as a login form. It's not a real login form, as in it's not going to connect you to any service, it's "just" a login script.
browser  passwords  advertising  tracking  security  privacy 
5 days ago by rgl7194
Objective-See: From the Top to the Bottom
› tracking down the cause of CVE-2017-7149, from the UI level
In this blog, we'll take a detailed look at a nasty bug (CVE-2017-7149) that affected High Sierra (macOS 10.13). Discovered by Matheus Mariano, this vulnerability could afford local attackers access to the contents of encrypted APFS volumes!
While Apple has patched this bug, and diff'ing the patch revealed the exact nature of the flaw (see Daniel Martín's tweet and great writeup), here, we'll take a different route to (re)illustrate the underlying issue.
Though our findings will mirror Daniel's, this blog post will instead start at the user interface (UI) level of the vulnerable app, then dig down, reversing various components and frameworks until we finally uncover the bug.
This method doesn't require a patch to diff and is a good practical reversing walk-thru!
A few weeks ago Matheus Mariano tweeted: "If you create an Encrypted APFS container and install the new macOS, your password will be stored as plain text in your password hint."
diagnostics  bug  macOS  10.13  passwords  encryption  security  privacy  APFS 
6 days ago by rgl7194
Cierge - passwordless authentication done right.
Cierge is an open source authentication server (OIDC) that handles user signup, login, profiles, management, and more. Instead of storing passwords, Cierge uses magic links/codes and external logins to authenticate your users.
authentication  c#  oauth  openid  passwords  docker  image  security  service  software 
8 days ago by danesparza
Stop us if you've heard this one: Apple's password protection in macOS can be thwarted • The Register
Developers (again) find preferences hole (again) that bypasses login box (again)
It just works. For anyone.
An Apple developer has uncovered another embarrassing vulnerability in macOS High Sierra, aka version 10.13, that lets someone bypass part of the operating system's password protections.
This time, a vulnerable dialog box was found in the System Preferences panel for the App Store settings. The bug, reported by developer Eric Holtam to the Open Radar bug tracker, has since been verified by Mac-toting netizens.
security  privacy  macOS  10.13  prefs  bug  passwords 
8 days ago by rgl7194
Another macOS password prompt can be bypassed with any password | TechCrunch
MacRumors spotted a bug report that affects the current version of macOS High Sierra. In System Preferences, you can unlock the App Store preference pane by typing any password. Apple has reportedly already fixed the bug in beta versions of the next macOS High Sierra update.
While this bug is nowhere as serious as the infamous root login bug, as John Gruber wrote, this one is quite embarrassing. What’s wrong with password prompts and macOS?
If you want to test this bug at home, I was able to reproduce it quite easily. Open System Preferences, go to the App Store settings and look at the padlock icon. If it’s unlocked, lock it first and then try unlocking it with any password. Ta-da!
security  privacy  macOS  10.13  prefs  bug  passwords 
8 days ago by rgl7194
[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password
Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all).
A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all.
security  privacy  macOS  10.13  prefs  bug  passwords 
8 days ago by rgl7194
Mac App Store preferences bug already patched in beta, still dumb | iMore
Administrator accounts on release versions of macOS 10.13 High Sierra can unlock App Store settings without the correct password. It's probably not a high-level threat but it's a really dumb bug. And it's the latest in a series.
There's a bug in macOS High Sierra that, if an administrator account is logged in, allows anyone to access Mac App Store settings even if they don't enter the correct password.
Joe Rossignol, reporting for MacRumors:
A bug report submitted on Open Radar this week has revealed a security flaw in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
It works on the current release version of macOS High Sierra, 10.13.2, but has already been fixed in the current beta version of macOS High Sierra, 10.13.3. (And it doesn't work in macOS Sierra 10.12.6 or earlier.)
security  privacy  macOS  10.13  prefs  bug  passwords 
8 days ago by rgl7194
