Items tagged with: Password


 
We are pleased to announce qTox & KeePassXC added by default to our Whonix 15 Testing (Buster based) release.

#toxchat #qtox #keepassxc #chat #password #security


 

#Matrix: We have discovered and addressed a #security breach.


source: https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your #password now.


#hack #software #problem #warning #messenger


 

 
If You’re Still Not #Using a #Password #Manager and #VPN #App, You’re #Officially Out of #Excuses
Major cyber attacks and data breaches are occurring at an alarming rate. In 2018 alone over 1.3 billion records were compromised in high-profile hacking incidents involving Twitter, Marriott, Exactis, and MyFitnessPal. So it’s no wonder 90 percent of consumers say they are “very concerned” about internet privacy. Unfortunately, all of this supposed concern about violations of online privacy has not resulted in consumers taking simple steps to protect themselves online, such as using a password manager and VPN app to safeguard their information, or using a credit monitoring service to spot fraudulent activity.
https://futurism.com/password-manager-vpn-app-combined-protection-dashlane/


 
 
#cybersecurity #computer #security

A tool to verify if your #password was leaked -- without leaking it!

YouTube: Have You Been Pwned? - Computerphile (Computerphile)


 

 

The password “ji32k7au4a83” has been seen over a hundred times


“Fun thing I learned today regarding secure passwords: the password "ji32k7au4a83" looks like it'd be decently secure, right? But if you check e.g. HIBP, it's been seen over a hundred times.…
Article word count: 745

HN Discussion: https://news.ycombinator.com/item?id=19297401
Posted by DoreenMichele (karma: 15732)
Post stats: Points: 166 - Comments: 67 - 2019-03-03T22:41:40Z

#HackerNews #been #has #hundred


 

Password Managers: Under the Hood of Secrets Management

Abstract:


Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was po


 
12 characters is minimum. That's what people from the brute-force #password cracking business told me.

Tinker wrote the following post Fri, 15 Feb 2019 02:20:02 +0100

~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec


 

Have your passwords been stolen by hackers? New Chrome extension will let you know


If you have multiple online accounts (you probably do), and you've been on the internet for more than a few years, chances are at least some of your passwords have ended up in the wrong hands. Proof: Huge databases of stolen email/password combinations that are making the rounds online.

There's now a very easy and secure way to check whether your password is in one of those databases, in the form of a new Chrome extension called Password Checkup.

Your passwords are never seen by Google (the company only stores a hashed, partial code for unsafe passwords in your Chrome browser), and Google claims the extension "never reports any identifying information about your accounts, passwords, or device."

See https://mashable.com/article/google-password-checkup/#1Ebf5IR2Iuqs

#passwords #google #hackers #chrome #password #data-breach #password-checkup #tech #cybersecurity #big-tech-companies


 

Forgot password? Five reasons why you need a password manager


#five #forgot #manager #need #password #reasons #why


 
Happy Change Your #Password Day! 🔡🔠🔢#️⃣*️⃣#1February #holiday
If you’re not using a #passwordmanager and you don’t have a separate password for every single website you log on to, what happened?? It’s almost mid-21st Century lol.
If you do use a password, today’s a good day to go into every single website and check to make sure 2-factor authentication is turned on or is newly available.


 

Cronjob mysql password error


I set up a #hubzilla server for the first time. Setting it up worked so far, hubzilla is running.

I also created the #cronjob as stated in the installation instructions, with */10 * * * * cd /var/www/html; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1

But now cron executed the job for the first time, and I got the following error:

Cron <root@Debian-95-stretch-64-minimal> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
/etc/cron.daily/logrotate:
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
error: error running shared postrotate script for '/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log '
run-parts: /etc/cron.daily/logrotate ex


 
- #7-zip #broken #password #random #number #generator #rant


So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it should be fine. You can browse the code yourself". So I did. After a few mins I noticed they use 8byte "random" IV. Yes, half of IV is zeroes. But it gets worse.
https://threadreaderapp.com/thread/1087848040583626753.html


 
 

7-zip broken password random number generator


Thread by @3lbios: "So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it sho I did. After a few mins I noticed they use 8byte "random"…
Article word count: 444

HN Discussion: https://news.ycombinator.com/item?id=18981492
Posted by wyday (karma: 2559)
Post stats: Points: 128 - Comments: 50 - 2019-01-23T19:05:50Z

#HackerNews #7-zip #broken #generator #number


 
Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources. (And yes, fellow techies, that's a sizeable amount more than a 32-bit integer can hold.)
source: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

#password #security #crime #news #hack #bigdata #email


 
 

Secure Passwords


Master Password



#it-security #it-sicherheit #Passwort #password


 


 

Schneier on Security (Friday Squid Blogging):


Warning / Happening: Tutanota is possibly compromised!


[?!]


https://www.schneier.com/blog/archives/2018/11/friday_squid_bl_653.html#c6785651
Martin Fruehauf • December 1, 2018 9:14 AM
An insider from the German Bundesnachrichtendienst (BND / Vopo) / Secret Service has just released a message stating that Tutanota was compromised.

The message as reported by the BND insider has just been picked up by the British Guardian online edition (30th Nov. 2018, 7:30pm GMT).

Here is the message:

Tutanota recently released a new recovery code feature that allows a user to recover their account if they forget their password. This recovery code adds a second method to decrypt your private key and thus your emails. This feature wa


 
RT @NyxHysteria
To make your life easier, software exists, so use it! @KeePass, @1Password, @dashlane and others. @nextinpact has even written an article to help you choose yours: https://www.nextinpact.com/news/101627-mots-passe-on-vous-aide-a-choisir-gestionnaire-quil-vous-faut.htm?skipua=1 #InfoSec #password


 
Matt Osbun wrote the following post Fri, 12 Oct 2018 16:21:22 +0200

Compelled Password burden of proof

Massachusetts Supreme Judicial Court is tackling an important issue. A little background: Generally government law enforcement can't compel a password or decryption unless it's a foregone conclusion that they're going to find what they're looking for. The problem that the court is facing is what is the burden of proof needed in order to consider a result a "foregone conclusion"? Generally, they're not allowed fishing expeditions in other people's laptops and phone, due to the 5th Amendment against self-incrimination. I've...