1
11
submitted 1 week ago by agilob to c/security
2
8
submitted 3 weeks ago by 0x0 to c/security

KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims. Reached at the same Tox instant messenger identity that the ransomware group leader has promoted on Russian cybercrime forums, LockBitSupp claimed the authorities named the wrong guy.

LockBitSupp, who now has a $10 million bounty for his arrest from the U.S. Department of State, has been known to be flexible with the truth.

3
17
submitted 3 weeks ago by 0x0 to c/security
4
15
submitted 1 month ago by 0x0 to c/security
5
7
submitted 1 month ago by [email protected] to c/security
6
13
PuTTY vulnerability vuln-p521-bias (www.chiark.greenend.org.uk)
submitted 1 month ago by [email protected] to c/security
7
16
submitted 1 month ago by [email protected] to c/security
8
5
submitted 1 month ago by [email protected] to c/security
9
14
submitted 1 month ago by [email protected] to c/security
10
10
submitted 1 month ago by [email protected] to c/security
11
5
CVE 10.0 vulnerability in PAN-OS (security.paloaltonetworks.com)
submitted 1 month ago by [email protected] to c/security
12
22
Schneier on xz (www.schneier.com)
submitted 1 month ago by 0x0 to c/security
13
26
submitted 1 month ago by [email protected] to c/security
14
31
submitted 1 month ago by onlinepersona to c/security
15
6
submitted 1 month ago by [email protected] to c/security
16
9
submitted 1 month ago by 0x0 to c/security

When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

17
13
submitted 1 month ago by [email protected] to c/security
18
10
submitted 1 month ago by [email protected] to c/security
19
12
submitted 1 month ago (last edited 1 month ago) by [email protected] to c/security

Anyone here use fidelity (https://www.fidelity.com/)? I had to call to get something done with my account and thought it was weird that they have you (more/less) T9 dial your password into the system, though it's not real T9 in that (for example) one press of 2 would mean either a, A, b, B, c, C, 2. They say for special characters just give a * sign.

Any thoughts on if that is safe on their part? It seems weird to me since they either need the password in plaintext on their end, or I guess the hash of the T9 version of the password, which would be less secure anyways because of: all one case and only one type of 'special character'.

And yes: before you ask this was 100% the actual fidelity phone number: +1 800-343-3548

In their defense they did ask for other verification information once I got a person, but still felt really weird.

Any thoughts on the security of this mechanism?

20
24
submitted 1 month ago by [email protected] to c/security
21
34
submitted 1 month ago by canpolat to c/security
22
25
submitted 2 months ago by canpolat to c/security
23
5
submitted 3 months ago by Kissaki to c/security

Describes the convenience and security considerations of auto-confirmation while entering a numeric PIN, which leads to information disclosure considerations.

An attacker can use this behavior to discover the length of the PIN: Try to sign in once with some initial guess like “all ones” and see how many ones can be entered before the system starts validating the PIN.

Is this a problem?

24
9
submitted 3 months ago by [email protected] to c/security
25
5
submitted 3 months ago by [email protected] to c/security

Security

554 readers

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 11 months ago