Aaron Parecki

#security

  • Aaron Parecki
    The comments on this "hacking a Gmail account with just a phone number" article make me reconsider using SMS/phone as a security mechanism at all. Original article: https://ello.co/gb/post/knOWk-qeTqfSpJ6f8-arCQ Comments: https://news.ycombinator.com/item?id=8541313
    Portland, Oregon, USA
    2 likes 5 reposts 1 reply
    Fri, Oct 31, 2014 6:33pm -07:00 #security
  • I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous... | Hacker News (news.ycombinator.com)
    Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number.
    Fri, Oct 31, 2014 6:27pm -07:00 #2fa #security
  • Google Two Factor Authentication, possible attacks and prevention (zerocool.is-a-geek.net)
    To prevent this kind of attack we need to: limit the number of login attempts, ban IPs that send a large number of login requests
    Wed, Oct 15, 2014 12:22pm -07:00 #indieauth #totp #security
  • Reverse Heartbleed Tester (reverseheartbleed.com)
    Thu, Apr 10, 2014 2:01pm -07:00 #heartbleed #ops #security #ssl
  • What should a website operator do about the Heartbleed OpenSSL exploit? (security.stackexchange.com)
    Thu, Apr 10, 2014 1:35pm -07:00 #heartbleed #openssl #ops #security
  • How to explain Heartbleed without technical terms? (security.stackexchange.com)
    Thu, Apr 10, 2014 1:22pm -07:00 #heartbleed #ops #security #ssl
  • Aaron Parecki
    Just got this email from Dreamhost. https://gist.github.com/aaronpk/7475391 An interesting proactive response to the Adobe user db leak!
    Portland, OR, USA
    Thu, Nov 14, 2013 2:30pm -08:00 #security #passwords
  • A Simple Encrypted Password File on OSX

    Here's a really simple trick for keeping an encrypted file for passwords and other sensitive information on OS X or Linux. I use this to keep some basic password hints and account numbers on my computer.
    2 mentions
    Mon, Jul 29, 2013 1:42am -07:00 #security #password #encryption
  • Hashcash (en.wikipedia.org)
    Hashcash is a proof-of-work system designed to limit email spam and denial-of-service attacks
    Wed, Aug 8, 2012 8:51pm -07:00 #crypto #DOS #email #hash #security #spam
  • AT&T Introduces Digital Life: IP-Based Home Automation And Security System (techcrunch.com)
    Sun, May 6, 2012 11:58pm -07:00 #att #home automation #security
  • PHP-PasswordLib (blog.ircmaxell.com)
    A PHP library for generating and validating passwords
    Sat, Apr 14, 2012 12:30pm -07:00 #library #password #php #security
  • A few CSRF-like vulnerable examples. (homakov.blogspot.com)
    Mon, Apr 2, 2012 11:22pm -07:00 #crsf #security
  • Four Attacks on OAuth - How to Secure Your OAuth Implementation (software-security.sans.org)
    Wed, Jun 22, 2011 5:08pm -07:00 #oauth #oauth2 #security
  • Matasano Security LLC - Chargen - Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes (chargen.matasano.com)
    Fri, Sep 10, 2010 8:57am -07:00 #algorithm #authentication #crypto #cryptography #database #encryption #hash #md5 #password #php #security #web
  • BBC News - Google admits wi-fi data collection blunder (news.bbc.co.uk)
    Tue, May 18, 2010 3:46pm -07:00 #google #internet #privacy #security #wifi
  • Computer security: Loose clicks sink ships | The Economist (www.economist.com)
    Tue, Apr 13, 2010 11:40pm -07:00 #detection #keyboard #science #security #speech
  • OAuth is not OpenID (softwareas.com)
    Sat, Jan 30, 2010 3:48pm -08:00 #authentication #openid #security #web #web2.0

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.