authentication

Pierluigi Paganini January 16, 2017
Weak passwords are still the root cause of data breaches

Key findings of a new study conducted by Keeper Security that analyzed 10 million hacked accounts from breached data dumps for the most popular passwords. Users’ bad habits are still one of the biggest problems for the IT industry; weak passwords and their reuse on multiple websites every day potentially expose a billion users to cyber […]

Pierluigi Paganini November 16, 2016
CVE-2016-4484 Hold down the Enter key for 70 sec to gain a Linux Root shell

The CVE-2016-4484 vulnerability can be exploited to gain a Linux root shell by simply pressing the Enter key for 70 seconds. It could be quite easy to bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. In this way, it is possible to open a shell […]

Pierluigi Paganini November 05, 2016
One oAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed

Security researchers demonstrated that an incorrect OAuth 2.0 implementation allows a simple remote hack that exposes more than 1 billion Android app accounts. A simple remote hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile […]

Pierluigi Paganini October 15, 2016
Android Acecard banking trojan asks users for selfie with an ID card

Experts discovered a new variant of the Android Acecard banking trojan that asks victims to take a selfie while they are holding an ID card. The inventiveness of the criminals is a never-ending pit. Recently, a number of organizations announced a new authentication method based on selfies. For example, HSBC customers can open […]

Pierluigi Paganini September 23, 2016
As of October 5, automatic OAuth 2.0 token revocation upon password reset

Google announced a change to its security policy to increase account security, which includes OAuth 2.0 token revocation upon password reset. Google has finally announced a new OAuth 2.0 token revocation according to its security policy; the company will roll out the change starting on Oct. 5. The change to the Google security policy […]

Pierluigi Paganini August 27, 2016
Opera warns Opera Sync users of possible security breach

The Norwegian company warned users of the Opera Sync service of a possible security breach that might have exposed their data. On Friday, Opera published a security alert to warn its users that the Opera Sync service might have been breached. In response to the alleged incident, Opera forced a password reset for all Sync […]

Pierluigi Paganini August 08, 2016
A New Google API Launched, in Avoidance of Android Passwords

Google has launched a new Google API, working together with Dashlane, to stop using passwords for Android users and improve the user experience. It is true that Android security apps work wonders, and Google has also been trying to use fewer passwords or none whatsoever, making it harder for someone to penetrate the privacy of its users. […]

Pierluigi Paganini July 29, 2016
QRLJacking — How to bypass QR Code Based Login System

QRLJacking is an attack technique devised by a cyber security researcher to hijack or bypass QR-code-based quick login systems. Many desktop applications such as Line, WeChat, and WhatsApp allow users to authenticate themselves with the Secure Quick Response Login method that relies on a QR code. The QR-code-based authentication system allows users to quickly access a website […]

Pierluigi Paganini June 10, 2016
Are you using EMC and VMware solutions? Watch out unauthorized accesses!

EMC Data Domain OS and VMware NSX and vRealize are affected by security issues that could be exploited to gain unauthorized access to data. Both EMC and VMware are affected by security issues that could allow attackers unauthorized access. An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users […]

Pierluigi Paganini May 25, 2016
Android will replace passwords with trust scores by 2017

Daniel Kaufman announced that Google is planning to make password identification outmoded by 2017 and replace it with trust scores. Google wants to replace traditional passwords on Android with “trust scores,” and it is planning to do it by 2017. The announcement was made official at the Google I/O conference; the IT giant intends to use Google’s Trust API technology developed by […]