WeChat ID
aaronpk_tv
#Security
-
Into the symmetry: Open redirect in rfc6749 aka 'The OAuth 2.0 Authorization Framework' (intothesymmetry.blogspot.ch)
-
The Value of a Name (ello.co)
as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.
-
The comments on this "hacking a Gmail account with just a phone number" article make me reconsider using SMS/phone as a security mechanism at all. Original article: https://ello.co/gb/post/knOWk-qeTqfSpJ6f8-arCQ Comments: https://news.ycombinator.com/item?id=8541313 -
I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous... | Hacker News (news.ycombinator.com)
Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number.
-
Google Two Factor Authentication, possible attacks and prevention (zerocool.is-a-geek.net)
To prevent this kind of attack we need to: limit the number of login attempts, ban IPs that send a large number of login requests
-
What should a website operator do about the Heartbleed OpenSSL exploit? (security.stackexchange.com)
-
Just got this email from Dreamhost. https://gist.github.com/aaronpk/7475391 An interesting proactive response to the Adobe user db leak!
-
A Simple Encrypted Password File on OSX
Here's a really simple trick for keeping an encrypted file for passwords and other sensitive information on OS X or Linux. I use this to keep some basic password hints and account numbers on my computer.continue reading... -
Hashcash (en.wikipedia.org)
Hashcash is a proof-of-work system designed to limit email spam and denial-of-service attacks
