Don’t buy passwords! Generate your own!

A few years ago, a service called "Diceware Passwords" was created. Recently, it has gained a reputation as a way to receive "cryptographically secure" passwords. The general concept of this service is that someone creates a password by rolling dice a few times and then picking the numbered words out of a dictionary. In this blog post, I am going to go through some of the ridiculous claims that are on their website and why they are incorrect/misleading.


Scams, Phishing and Web Forgery.

Scams are all over the internet. All of them socially engineer vulnerable people into believing them. Here is a list of how to spot some of the most common ones used on the internet! Websites that say "You have won the lottery" or something similar are almost always scams. There are rare cases where it just …

What are state-sponsored attacks?

If you are wondering why I am re-writing this blog post, it is because the old version was terrible and didn't explain it very well. State-sponsored attacks / incidents are where government organizations target and attack certain companies such as Google or Facebook and try to steal personal information. This information often contains things which …

MITM: Loading a https logon form over http

Ok, we talked about XSS before, let's talk about MITM now. MITM (short for Man In The Middle) is a security flaw / risk in many websites. MITM attacks usually happen when a website has weak TLS (Transport Layer Security) or a website has loaded parts over http (without TLS) and parts over https …

WordPress was compromised!

WordPress was compromised by the Neutrino Exploit Kit. This exploit kit installs backdoors on WordPress sites running older versions of the content management system (4.2 and older). It then redirects the victim through a series of iframes to a landing page hosting a Flash exploit. The exploit targets users running Internet Explorer, and the victims …

XSS: Loading a https logon form over http

Ok, so I saw this on Twitter and I decided to take a look at it: https://twitter.com/troyhunt/status/633011868596989952 The response from EnglishNationalOpera was amazing, I couldn't believe it: https://twitter.com/E_N_O/status/632915065130381312 Now, you are probably thinking "What's going on?" - It's simple, EnglishNationalOpera does not understand the risks of having a https logon form being loaded over http. …