There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and LastPass. This work looks at password leakage on the host computer. That is, does the password manager accidentally leave plain text copies of the password lying around in memory? Don’t forget to read the Comments!
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings […]
Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Think your 12 character passwords are still strong enough? One […]
I’m not going to ask why you need a keylogger. Just know that installing one on someone else’s system is a great way to get yourself dumped, fired, or prosecuted, depending on your situation. It’s also a great way to really put someone in a world of hurt, should the little utility you’ve downloaded capture keystrokes […]
There is a major issue with Signal: Your account is tied to your phone number. This makes these apps really easy to use, since there are no usernames or passwords to deal with. It also makes it easy to discover other app users; if someone is a contact in your phone and has the app […]
Today, researchers at Trustwave released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture. Those searches can already be performed […]