passwords   13875

UNIQPASS v18 · Large password list
UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate a large number of hashes, e.g. MD5 hashes, into cleartext passwords.
password  security  cracker  cryptography  dictionary  information  list  passwords  reference  wordlist 
5 days ago by mdelatorre
Daring Fireball: iOS Is Ripe for Phishing Password Prompts
Felix Krause...
I’ve been thinking about this for years, and have been somewhat surprised this hasn’t become a problem. It’s a tricky problem to solve, though. How can the system show a password prompt that can’t be replicated by phishers? The best idea I’ve seen is for these system-level prompts to only appear in the Settings app. When the system needs your iCloud or iTunes password while you’re in any other app, that prompt would take you to Settings, where you’d then be prompted for the password. That’s not great, though, because it makes entering your password far more cumbersome. And how would you get back to the original app after entering your password?
Krause suggests one way to protect yourself if you suspect a password prompt might be a phishing attempt: press the home button. If it’s a phishing scam, the dialog box will disappear when you go back to the home screen, because it’s part of the app you’re using. If it’s a real system-level prompt, the alert will still be there.
security  privacy  ios  apps  phishing  appleID  passwords  ui/ue  daring_fireball 
5 days ago by rgl7194
iOS Privacy: steal.password - Easily get the user's Apple ID password, just by asking — Felix Krause
Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so 👌
This is just a proof of concept, phishing attacks are illegal! Don't use this in any of your apps. The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet. For moral reasons, I decided not to include the actual source code of the popup, however it was shockingly easy to replicate the system dialog.
security  privacy  ios  apps  phishing  appleID  passwords  ui/ue 
5 days ago by rgl7194
Can apps steal your passwords? What you need to know! | iMore
Phishing attacks can theoretically come from apps as well as messages and websites. It's been the subject of industry discussion for a long, long time. Now, it's in the spotlight again.
"How would you say would be the easiest way to take a weapon away from a Grammaton Cleric?"
"You ask him for it."
That quote, from the movie Equilibrium, echoes a longstanding issue with security. Namely, no system that includes humans is ever truly secure. We use the same passwords for multiple services. We write them down on our desks at home and at work. We tell our passwords to people who claim to be tech support on the phone or over email.
security  privacy  ios  apps  phishing  appleID  passwords  ui/ue 
5 days ago by rgl7194
Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password
Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake?
Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet.
Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data.
security  privacy  ios  apps  phishing  appleID  passwords  ui/ue 
5 days ago by rgl7194
Beware of sketchy iOS popups that want your Apple ID | Ars Technica
Benign iOS prompts are indistinguishable from those generated by malicious apps.
One of iOS' rougher edges are the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task. The prompts have grown so common most people don't think twice about them.
Mobile app developer Felix Krause makes a compelling case that these popups represent a potential security hole through which attackers can steal user credentials. In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup. The lookalike popups require less than 30 lines of code and could be sneaked into an otherwise legitimate app that has already found its way into Apple's App Store.
security  privacy  ios  apps  phishing  appleID  passwords  ui/ue 
5 days ago by rgl7194
Changes in Password Best Practices - Schneier on Security
NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:
Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.
Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.
Let people use password managers. This is how we deal with all the passwords we need.
These password rules were failed attempts to fix the user. Better we fix the security systems.
security  passwords  privacy  1password  gov2.0 
6 days ago by rgl7194
