
hthief : infosec   19

Time to rethink mandatory password changes | Federal Trade Commission
Data security is a process that evolves over time as new threats emerge and new countermeasures are developed.
infosec  research 
11 days ago by hthief
Security Myths and Passwords - CERIAS - Purdue University
In summary, forcing periodic password changes given today’s resources is unlikely to significantly reduce the overall threat—unless the password is immediately changed after each use.
infosec 
11 days ago by hthief
The Most Expensive Lesson Of My Life: Details of SIM port hack
Details of a hack in which the victim lost $100k in crypto (lol) due to a SIM card spoof and 2FA
infosec  2fa 
22 days ago by hthief
SecurityWhitepaper.pdf
MEGA's whitepaper on end-to-end encryption (E2EE)
infosec 
25 days ago by hthief
Subscribe to read | Financial Times
WhatsApp voice calls used to inject Israeli spyware on phones
Israel  infosec 
5 weeks ago by hthief
One of the world’s most visited websites that nobody is aware of | Weblog | Sijmen Ruwhof
An investigation into how multiple tax files of Dutch citizens were published via docplayer.nl, which was among other things scraping said documents from other sites
infosec 
10 weeks ago by hthief
How To Spoof PDF Signatures
The blog post details how PDFs work and how signatures work on PDFs: incremental saving allows the PDF to be modified without changing the previous content.
pdf  security  infosec 
10 weeks ago by hthief
Facebook Information Leak - Webpages can confirm a user's ID
I discovered a Facebook bug which allows me to identify whether a visitor is logged in to a specific Facebook account. It can check hundreds of identities per second.
facebook  infosec 
march 2019 by hthief
Report: The Mac Malware of 2018 🍎👾 | Patrick Wardle on Patreon
a ~50 page PDF detailing all the new (public) Mac malware/adware of 2018
infosec  malware  reports 
january 2019 by hthief
privacy/security concerns · Issue #68 · plaid/link
A San Francisco fintech company, valued at $2.5b, provides a payment method that works by injecting a login form to get your bank credentials, which is a terrible idea prone to security risks.
security  infosec 
december 2018 by hthief
Stealing Chrome cookies without a password
By using remote debugging and running headless Chrome, it is possible to salvage all the user's cookies. Some other insights into prevention are also provided, through channel-bound cookies, a feature that is being removed from Chrome.
cookies  security  debugging  google  hacking  privacy  chrome  infosec 
december 2018 by hthief
