Dropbox security is abysmal
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got to Dropbox, which I have not used in years. Yeeeaaars. And clicked 'launch' and lo and behold not only did it bring me to the login screen, it brought me to my main dashboard. I just sorta blinked at it like, 'Wha? Where's the login screen? Why am I staring at my files like this is fine?' Again, I haven't logged in in three years. This is insane. So then I go to the update password section as intended and to do so you're asked to enter your old password (pretty standard) and then your new password. Once. Not twice to verify, but just once. What a fucking mess. I have a couple of photo albums and some songs to share with my family so whatever, but some people rely on Dropbox for a lot more so this is just absurd. Now, I know that they also offer additional security features like 2 factor, but just as a baseline this is dumb.
Submitted December 12, 2017 at 09:39AM by tetsuo316
via reddit http://ift.tt/2BDA8FC
reddit
Dropbox security is abysmal • r/security
I'm making my way through my passwords to update ones that I used off of a repeating pattern and actually make use of my password manager. I got...
RFC: Mobile App Security
https://twitter.com/JigarMJoshi/status/940081161757265920
Submitted December 12, 2017 at 12:08PM by 1ECz
via reddit http://ift.tt/2AxPrza
Twitter
Jigar
Mobile apps, along with user permissions, must also declare a fixed set of domains it can make network connections to. Plain text data transport from mobile app must also warn users like browsers also allow user to disable it too. #security #MobileApps #MobileSecurity
A security company in Île-de-France
https://www.hamiwes.com
Submitted December 12, 2017 at 12:27PM by hamiwes01
via reddit http://ift.tt/2B7sfHf
Hamiwes
Private security company Paris | SSIAP 1 security guard - Île-de-France.
The guarding agency Hamiwes Sécurité Privée, based in Paris (75), specializes in private security, protection, fire safety and SSIAP 1 in the Île-de-France region.
Don’t trust all SSL / TLS certificates
http://ift.tt/2yfYQFV
Submitted December 12, 2017 at 03:43PM by hacktvist
via reddit http://ift.tt/2BauOIO
Binary Figments
Don’t trust all SSL / TLS certificates
Earlier I did a story about CSR checkers from CA’s and their resellers. This was a nice thing to do and an eyeopener for some people. Now, I went for the certificate checkers! I generated my …
The 2018 Guide to Building Secure PHP Software
http://ift.tt/2AecvyO
Submitted December 12, 2017 at 05:56PM by sarciszewski
via reddit http://ift.tt/2kqTuCD
Paragonie
The 2018 Guide to Building Secure PHP Software - Paragon Initiative Enterprises Blog
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018
Can a hacker log in bypassing 2FA?
Hello, if a hacker has access to your login and password + email details, but he has no access to 2FA, can he log in to your account?
Submitted December 12, 2017 at 06:48PM by esdohadoce
via reddit http://ift.tt/2kpGVYs
reddit
Can a hacker log in bypassing 2FA? • r/security
Hello, if a hacker has access to your login and password + email details, but he has no access to 2FA, can he log in to your account?
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete with a collection of endpoint security tooling and logging best practices.
http://ift.tt/2z3sEsV
Submitted December 12, 2017 at 06:32PM by speckz
via reddit http://ift.tt/2AwdkHB
Medium
Introducing: Detection Lab
Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…
Security In 5: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
http://ift.tt/2jB5yVI
Submitted December 12, 2017 at 07:32PM by BinaryBlog
via reddit http://ift.tt/2Bcefwp
Libsyn
Security In Five Podcast: Episode 130 - OWASP Top 10 - A9 - Using Components With Known Vulnerabilities
The OWASP Top 10 list is almost done. Number 9 talks about using components with known vulnerabilities. If you think this doesn't happen, look at Equifax. When vulnerabilities are published for a component, hackers start to work on attacks for it. If you…
makin - reveal anti-debug tricks
http://ift.tt/2yhjzco
Submitted December 12, 2017 at 07:08PM by khasaia
via reddit http://ift.tt/2nUlEL8
GitHub
secrary/makin
makin - reveal anti-debug tricks
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
http://ift.tt/2BdR2tu
Submitted December 12, 2017 at 07:35PM by DJRWolf
via reddit http://ift.tt/2l5rict
BleepingComputer
BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices
The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016.
TLS Padding Oracle Vulnerability in Citrix NetScaler
http://ift.tt/2iTx2Sh
Submitted December 12, 2017 at 07:27PM by KernelJay
via reddit http://ift.tt/2ANTpRm
reddit
TLS Padding Oracle Vulnerability in Citrix NetScaler • r/netsec
BLOCKBUSTED: Lazarus, Blockbuster, and North Korea
http://ift.tt/2nQYtBz
Submitted December 12, 2017 at 08:11PM by 0xbaadf00dsec
via reddit http://ift.tt/2C4PmQF
Intezer
BLOCKBUSTED: Lazarus, Blockbuster, and North Korea - Intezer
As we have proven in previous research blog posts, malware authors often reuse the same code. This evolution of code and code reuse is seen all throughout the well known Blockbuster campaign and connections between other malware attributed to the Lazarus…
Return of Bleichenbacher's Oracle Threat (ROBOT)
https://robotattack.org
Submitted December 12, 2017 at 08:35PM by KernelJay
via reddit http://ift.tt/2BIOqEO
robotattack.org
The ROBOT Attack
Return of Bleichenbacher's Oracle Threat - ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)
http://ift.tt/2BeEuSR
Submitted December 12, 2017 at 08:37PM by nanooonanooo
via reddit http://ift.tt/2jBf0sf
The State of Security
VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)
A team of researchers has announced that TLS stacks from at least seven different vendors are vulnerable to a well-known 19-year-old protocol flaw (ROBOT).
The ROBOT Attack
http://ift.tt/2AdSOay
Submitted December 12, 2017 at 09:06PM by speckz
via reddit http://ift.tt/2z3I1BE
robotattack.org
The ROBOT Attack
Return of Bleichenbacher's Oracle Threat - ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
HP leaves accidental keylogger in laptop keyboard driver
http://ift.tt/2ygl6Q0
Submitted December 12, 2017 at 08:56PM by EvanConover
via reddit http://ift.tt/2AdUlxe
Naked Security
HP leaves accidental keylogger in laptop keyboard driver
HP didn't beat around the bush – when a researcher found a left-over keylogger, the company fessed up and fixed it fast. Result!
How secure is online backup/cloud services such as Crashplan, Backblaze, Dropbox, etc
No text found
Submitted December 12, 2017 at 08:45PM by mscaff
via reddit http://ift.tt/2z3I54m
reddit
How secure is online backup/cloud services such as... • r/security
Analysis of File-Spider Ransomware
http://ift.tt/2ygCOCO
Submitted December 12, 2017 at 10:35PM by bill__24
via reddit http://ift.tt/2kqKFIW
Sdkhere
Analysis of File-Spider Ransomware
FileSpider Ransomware, Spider Ransomware, Spider, Ransomware, MSIL Ransomware
GDPR WARNING: Do not forget about mobile apps when planning for GDPR
http://ift.tt/2jSZk01
Submitted December 12, 2017 at 11:48PM by Mi3Security
via reddit http://ift.tt/2kqSiPC
Mi3 Security
GDPR WARNING: Do not forget about mobile apps when planning for GDPR
General Data Protection Regulation (GDPR) is the new regulation to protect EU citizens’ personal data, replacing the current directive from 1995 and establishing a single set of rules across the European Union. GDPR outlines a set of obligations for organizations…
Phishers Are Upping Their Game. So Should You.
http://ift.tt/2jTAcq7
Submitted December 12, 2017 at 11:42PM by volci
via reddit http://ift.tt/2yiGP9N
reddit
Phishers Are Upping Their Game. So Should You. • r/security
Multiple vulnerabilities in glibc's ld.so
http://ift.tt/2Bb2O7F
Submitted December 12, 2017 at 11:13PM by petermal67
via reddit http://ift.tt/2l0Q39E
reddit
Multiple vulnerabilities in glibc's ld.so • r/netsec