Video game account recovery via twitter. Is this secure?
Hello, when people update my app on Android, Android leaves no data behind from the previous install to ID the user on my server. So I need some sort of password recovery system. I am opting for Twitter integration to promote my game too with contests. Here is my system:
1) Someone logs in after an update
2) It asks them their Twitter handle
3) If the Twitter handle is already registered, it gives them a six digit id code.
4) They direct message @Battlemontrue that five digit code
5) @Battlemontrue direct messages them back a five digit code
6) They type this into their mobile device, and their account is recovered and stored.
This is mostly just a temporary solution because the Twitter API doesn't scale well past a couple thousand users.
Submitted March 28, 2018 at 04:37AM by goodnewsjimdotcom
via reddit https://ift.tt/2pJJnwc
Automation and Orchestration tool to use?
I can't seem to find the differences between the various orchestration and automation tools for security firms. I want to automate a lot of the tasks in my CISO. Which do you recommend and why? Like what are the differences? I know about Rapid7, AlienVault, Phantom and ThreatConnect.
Submitted March 28, 2018 at 04:19AM by gorerillaz
via reddit https://ift.tt/2pM6llB
Wells Fargo – Online Banking Authentication Weakness - Mostly Technical Writeup
https://ift.tt/2pKItPe
Submitted March 28, 2018 at 06:54AM by Angrymilks
via reddit https://ift.tt/2J0w9Dm
Gh0st - Security Blog About Nothing
Wells Fargo – Online Banking Authentication Weakness / “Feature”
Try as I might to contact Wells Fargo regarding an almighty issue of issues regarding their authentication logic. So let’s say your password that you set purposely to “SuperDuperPassword” or better…
Facial recognition technology can now text jaywalkers a fine
https://ift.tt/2urdoWx
Submitted March 28, 2018 at 08:04AM by robert_brooks
via reddit https://ift.tt/2pLwtgA
New York Post
Facial recognition technology can now text jaywalkers a fine
Jaywalkers in China are to be named, shamed and slapped with an instant SMS fine.
And it’s all thanks to cutting-edge artificial intelligence.
In the southeastern city of Shenzhen, police have
Students Information and their Student No.
Do you think it's okay to show to the public a complete list of students of a school on their website along with their Name, Course/Degree, Year of Attendance, year of graduation and their Student No.?
Submitted March 28, 2018 at 07:33AM by ojnabable
via reddit https://ift.tt/2IW6jQK
How to Prevent Retail Shrinkage
https://ift.tt/2J2dpU6
Submitted March 28, 2018 at 12:59PM by scorpionsecurities17
via reddit https://ift.tt/2I9FSpy
Not sure if repost, but this pod gives some great highlights of the sites that expose your data
https://ift.tt/2HLZdOh
Submitted March 28, 2018 at 10:24AM by DayOfReckoning47
via reddit https://ift.tt/2IXytLg
Timothy De Block
What's happening in OSINT?
In this open edition of the Exploring Information Security podcast, I sit down with Micah Hoffman, Kerby Plessas, and Josh Huff to discuss Open Source INTelligence (OSINT). Micah Hoffman ( @WebBreacher ) is a SANS instructor who will be teaching a brand…
I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
https://ift.tt/2Ghkv58
Submitted March 28, 2018 at 01:40PM by nibblesec
via reddit https://ift.tt/2GgT5wj
VoidSec
VPN Leak - VoidSec
VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
Use rtl-sdr to turn your cheap DVB-T dongle into a high quality entropy source
https://ift.tt/1CaAEF3
Submitted March 28, 2018 at 02:54PM by liotier
via reddit https://ift.tt/2pLSsVv
GitHub
pwarren/rtl-entropy
rtl-entropy - An entropy generator using SDR peripherals, including rtl-sdr and BladeRF
Charles Proxy Now Available on iOS
https://ift.tt/2IZ69YR
Submitted March 28, 2018 at 03:56PM by yawnful
via reddit https://ift.tt/2E1p9SQ
Charlesproxy
Charles for iOS • Charles Web Debugging Proxy
Charles Web Debugging Proxy - Official Site
Academics Discover New CPU Side-Channel Attack Named BranchScope
https://ift.tt/2GAXHRz
Submitted March 28, 2018 at 04:40PM by zexterio
via reddit https://ift.tt/2pMvsVr
BleepingComputer
Academics Discover New CPU Side-Channel Attack Named BranchScope
A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.
Still haven't applied SSL? Here's why you should do it right now.
https://ift.tt/2pK4azO
Submitted March 28, 2018 at 05:43PM by ded1cated
via reddit https://ift.tt/2utMcq4
WebARX
Why HTTPS Is Important And How To Choose SSL Certificate?
63,2% of internet users are using Google Chrome as their internet browser. And the latest updates that Google has made on Chrome make sure, that any website that has no security layer (SSL certificate) will be marked as insecure.
When Quantifying Risk, Make It Real And Tangible
https://ift.tt/2pN5hh9
Submitted March 28, 2018 at 05:41PM by Uminekoshi
via reddit https://ift.tt/2pMiF6l
Nehemiah Security
When Quantifying Risk, Make it Real and Tangible - Nehemiah Security
“If your friend was put in charge of measuring cyber risk at their company, what advice would you give them?”
Crypto is not cryptocurrency
https://ift.tt/2C3fafp
Submitted March 28, 2018 at 06:03PM by Geniacohl3
via reddit https://ift.tt/2E2m8BU
Exploiting Facebook data for stealing your friends’ digital identities
https://ift.tt/2pLP8Zu
Submitted March 28, 2018 at 06:00PM by f3d_0x0
via reddit https://ift.tt/2GDk8VW
Medium
Exploiting Facebook data for stealing your friends’ digital identities
Still haven't applied SSL? Here's why you (or your client) should do it now.
https://ift.tt/2pK4azO
Submitted March 28, 2018 at 05:44PM by ded1cated
via reddit https://ift.tt/2E255zP
Security In 5: Episode 204 - Facebook Fail - How To Limit Your Presence On Facebook
https://ift.tt/2pJyuKS
Submitted March 28, 2018 at 06:39PM by BinaryBlog
via reddit https://ift.tt/2GlLSLG
Libsyn
Security In Five Podcast: Episode 204 - Facebook Fail - How To Limit Your Presence On Facebook
Facebook has no concern about your privacy, that's a proven fact. They want to gather as much information about your private life the better because that allows higher prices to advertisers to better 'customize' ads you see. If you aren't ready to dump Facebook…
iOS camera QR code URL parser bug
https://ift.tt/2IVc0i7
Submitted March 28, 2018 at 08:55PM by EvanConover
via reddit https://ift.tt/2GB9dfG
Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
https://ift.tt/2Gf9VeX
Submitted March 28, 2018 at 08:52PM by EvanConover
via reddit https://ift.tt/2Gg6wN3
Trendmicro
Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure - TrendLabs Security Intelligence Blog
We uncovered a new Android malware that can surreptitiously use the infected device's computing power to mine Monero: HiddenMiner. This Monero-mining Android app’s self-protection and persistence mechanisms include hiding itself from the unwitting user and…
Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies
https://ift.tt/2pKSTiu
Submitted March 28, 2018 at 08:45PM by 0xbaadf00dsec
via reddit https://ift.tt/2Girlrj
Intezer
Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies - Intezer
Introduction Cyber attacks from the Lazarus Group, a threat actor associated with North Korea, has not slowed down and their malware toolset continues to evolve. A few months ago, we published a general research of the Lazarus Group and the Blockbuster campaign…
How many external websites, apps and domains do you have? Compare Shodan.io vs ImmuniWeb Discovery.
https://ift.tt/2GhGFEh
Submitted March 28, 2018 at 08:07PM by htbridgedigital
via reddit https://ift.tt/2GA8cEx
Htbridge
External Web Applications Discovery with Shodan and ImmuniWeb®
How many external websites, applications and (sub)domains does your company have? Compare free application discovery service by Shodan and ImmuniWeb® Discovery.