There is a major issue with Signal: Your account is tied to your phone number. This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app […]
Australia’s COVIDSafe app has been out for three weeks now but despite the government’s draft legislation stating the data cannot be accessed outside of coronavirus tracing purposes, some of its vague wording is causing legal experts concern over potential misuse. But despite the app seeming mostly fine on a software level, legal and tech experts still have […]
After several months of testing, the first stable, public build of a Tor browser for Android is finally available on the Google Play Store. The Tor Project team says it made special considerations for the Android version, since mobile browsing tends to incur even more surveillance than desktop browsing and because users have less control over the mobile browsing […]
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and LastPass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plain text copies of the password lying around memory? Don’t forget to read the Comments!
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings […]
Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Think your 12 character passwords are still strong enough? One […]
I’m not going to ask why you need a keylogger. Just know that installing one on someone else’s system is a great way to get yourself dumped, fired, or prosecuted, depending on your situation. It’s also a great way to really put someone in a world of hurt, should the little utility you’ve downloaded capture keystrokes […]
Today, researchers at Trustwave released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture. Those searches can already be performed […]