Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Is it a no-win for this email user?
So I'm strongly suspecting that the answer to this is... "Sucks to be him", but we have a user at our organization whose account is being attacked. Because this user has a nice strong password, the only outcome is that the user's account gets locked for X min numerous times per day. The attacker has already shifted IP enough that blocking offending IPs and ranges would be a full-time job. The user has a public profile, so changing their email address wouldn't help (the attacker would likely get the new address before the user had a chance to share it). Any thoughts? Anyone know of a technique or tool which might be useful?

Submitted May 04, 2018 at 01:40AM by DocSharpe
via reddit https://ift.tt/2FGhFWm
Twitter urges users to change passwords, saying glitch caused them to be stored in plaintext
https://t.co/FGbw7IvBQ9 https://t.co/8BwQOA9T7Q - via Reuters

Submitted May 04, 2018 at 02:57AM by MrMag0-0
via reddit https://ift.tt/2w8OawK
Yahoo! fined! $35m! for! covering! up! massive! IT! security! screwup!
https://ift.tt/2HYKcJt

Submitted May 04, 2018 at 02:46AM by EvanConover
via reddit https://ift.tt/2ria240
Does anyone have the Table of Contents for Eran Hammer's “Beginner's Guide to OAuth”?
It looks like Eran Hammer's "Beginner's Guide to OAuth" was moved to Medium and it doesn't contain links to each of the parts (https://hueniverse.com/the-oauth-1-0-guide-32503205267e).
A Google search returns 3 parts:
Part 1: https://hueniverse.com/beginners-guide-to-oauth-part-i-overview-e164ab2c662f
Part 2: https://hueniverse.com/beginners-guide-to-oauth-part-ii-protocol-workflow-200dbcfac627
Part 3: https://hueniverse.com/beginners-guide-to-oauth-part-iii-security-architecture-e9394f5263b5
However, I would like to confirm there isn't more

Submitted May 04, 2018 at 04:15AM by johnnyodonnell
via reddit https://ift.tt/2IeHT7A
Spectre NG
https://ift.tt/2waZbOm

Submitted May 04, 2018 at 08:34AM by Tlaurion
via reddit https://ift.tt/2Id5ply
Experian and Lifelock advertise that they can scan the dark web for you. Isn't the merchandise hidden until you buy it?

Submitted May 04, 2018 at 10:00AM by nsfwdreamer
via reddit https://ift.tt/2KAx8uM
Twitter urges all users to change passwords after glitch
https://ift.tt/2IaGdfy

Submitted May 04, 2018 at 09:01AM by boppinmule
via reddit https://ift.tt/2wf96T2
How bad is it to use google voice for 2FA?
I understand that if someone were to hack the email, the phone number would be compromised. However, what if the email is protected by 2FA as well, using an actual phone number? I understand that they could still get in but it'd be a bit of a hassle. Some services, when you enable 2FA with a phone number, will allow people to search for your phone number, or attempt to connect you with people in your contacts against your will which is why I'd rather use google voice. It's better than nothing, despite being less secure than an actual phone number, I suppose. Some services also only let you use one phone number per account, even if you have multiple accounts which is annoying.

Submitted May 04, 2018 at 12:03PM by deeptoot2332
via reddit https://ift.tt/2HMnKGw
PagerDuty makes their security training public
https://ift.tt/2ps3MFi

Submitted May 04, 2018 at 06:24PM by strozykowski
via reddit https://ift.tt/2rjrXr2
So you want to be a security engineer? resources and guidelines for someone wanting to enter the profession
https://ift.tt/2u4mckK

Submitted May 04, 2018 at 08:55PM by yourbasicgeek
via reddit https://ift.tt/2rm3iBp