#login
I can finally say I've upgraded successfully to #Fedora40. It was not without hassle this time and it started with what seemed to be a system that did not even give me a prompt after #rebooting, although the update process had seemed to go smoothly and quickly. Luckily, the virtual screens were working and so I could #login to a #shell. Although #sddm didn't seem to be working, #kdm was and so I was able to open a desktop session, but only in #Gnome. There were still problems running #kde #programs such as #konsole and #korganizer as some #qt #libraries were missing. Installing those allowed the programs to run. Also, no #audio devices were being detected and so I couldn't play any clips, etc.
Today I found that #kwin was also lacking a library (#qtsensors) and so after that was installed and I rebooted the machine, I found that sddm was working again and so I could log in to the #kde session that I usually do. Also, the #sound issue was solved by removing the directory #wireplumber from ~/.local/state.
Git-Rotate: Leveraging #GitHub Actions to Bypass #Microsoft Entra Smart lockout
Source: https://research.aurainfosec.io/pentest/git-rotate/
Despite advancements in #cybersecurity, #password #spraying attacks remain a prevalent and effective technique for attackers attempting to gain unauthorised access to #cloud - based infrastructure and web applications by targeting their login portals. Password spraying involves attempting a small number of common passwords against a large number of usernames. This makes it difficult for #security systems to detect and mitigate as they often avoid common protections such as #account lockout policies by avoiding rapid or repeated login attempts for a single account. Attackers can easily obtain lists of commonly used passwords or use automated tools to generate potential passwords, increasing the likelihood of success.
A leaky #database spilled #2FA codes for the world’s tech giants
source: https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/
A #technology company that routes millions of #SMS text messages across the world has secured an exposed database that was spilling one-time #security codes that may have granted users’ #access to their #Facebook, #Google and #TikTok accounts.
#news #fail #cybersecurity #problem #economy #internet #account #login #authentication #mobile #software
#NSA and #CISA Red and Blue Teams Share Top Ten #Cybersecurity Misconfigurations
source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
1) Default configurations of software and applications
2) Improper separation of user/administrator privilege
3) Insufficient internal network monitoring
4) Lack of network segmentation
5) Poor patch management
6) Bypass of system access controls
7) Weak or misconfigured multifactor authentication (MFA) methods
8) Insufficient access control lists (ACLs) on network shares and services
9) Poor credential hygiene
10) Unrestricted code execution
#usa #internet #security #administrator #configuration #knowledge #knowhow #top10 #network #login
Étude : combien de temps pour pirater votre mot de passe en 2023 ?
Il est préférable d’utiliser un mot de passe différent pour chaque plateforme, et d’éviter les mots simples.
Par exemple, pour forcer un mot de passe de 11 caractères composé de chiffres, de minuscules, de majuscules et de symboles, Hive Systems estime que 3 ans sont nécessaires, contre 34 ans il y a un an.
Pour une sécurité maximale, vous pouvez opter pour un mot de passe de 18 caractères de tous types : il faudra 26 trillions d’années pour le forcer.
Le spécialiste ajoute également que le temps nécessaire pour forcer un mot de passe peut varier en fonction du nombre et de la puissance des cartes graphiques utilisées par le hacker.
https://www.blogdumoderateur.com/etude-temps-pirater-mot-de-passe-2023/
Le réutilisation d’un même mot de passe, même s’il est long et varié, constitue un risque important.
https://www.blogdumoderateur.com/etude-votre-mot-de-passe-assez-long-securise/
#hivesystem #Specopssoftware #hash #md5 #salt #login #mdp #motdepasse #sécurité #informatique
Perfectly Good MacBooks From 2020 Are Being Sold for #Scrap Because of Activation #Lock
Source: https://www.vice.com/en/article/xgybq7/apple-macbook-activation-lock-right-to-repair
Secondhand MacBooks that retailed for as much as $3,000 are being turned into parts because recyclers have no way to #login and factory reset the machines, which are often just a couple years old.
#mac #macbook #Apple #environment #resources #fail #waste #technology #problem #news #economy #software #security
Internet
I'm really annoyed by the #Internet of today:
- #Trackers and #data #collection everywhere
- #JavaScript-heavy #Web #applications instead of document-oriented #websites
- No #JavaScript most often translates to an empty page with a single sentence: "Please activate JavaScript"; the page content however is often nothing that actually requires JavaScript, the website creators just want to feel like actual #application #developers, so they re-build much of what the #browser already supplies with #inefficient and #bug heavy JavaScript code
- Content almost always behind a #login wall
- More often than not only very superficial #information
- #Ads
- Thousands of 3rd party JS files included, most of which have the only purpose of tracking you across websites
- #Misinformation and #biased #information everywhere
- Deliberately misleading advertisment, sich as "save 80% now", and artificial time pressure)
- "Best viewed on #Google #Chrome"
- "Login with Facebook"
- Newsletter subscription and cookie pop-ups featuring #dark #patterns
- #Search #engine #optimization ( #SEO ) acts in the worst interest of the user by skewing search results
- Artificial restriction of web #app functionality to promote their native apps
- Large parts of the Web are only accessible by #smartphone
- You have to provide your #phone #number to login
- If you didn't provide a phone number, your account is being blocked right after the initial login because we suspect you being malicious actor because why not (=> #Instagram, #Facebook)
- #Proprietary #platforms are required to participate in public #online life (Amazon, Google, Facebook, Instagram, Twitter, YouTube)
- One-sentence-paragraphs and sloppy language (especially found in #Medium #articles)
- "We care about your #privacy" actually means: "We were forced by law to do this shit, we just want to collect and store as much information on you as possible to make money off of you now or in an undescript future"
- JavaScript code minimizer
- Large font sizes, much whitespace, large illustrative, but useless images, HD screen required to browse most websites
- Lack of #government #regulation and #law #enforcement, too many malicious actors (#spam, #phishing, etc.)
- Emotional content to increase #interaction, #clickbait
Once being an open platform geared towards information exchange and bringing people into contact, most of the public Internet today is nothing but annoying useless #marketing, #advertising and #data #collection. Providing information, connecting people, and making life convenient is definitely NOT the primary goal of whoever is big on the Internet today. It's shocking to see how much of it is only to sell you stuff or to sell your information.
And the worst is: we are even paying them to do this shit. #Marketing spending will be reflected in product prices, and with much of marketing being done in 1st world countries, a substantial amount of the price goes into this destructive industry.
I could go on with this for hours. Really sick of it.
The Force won’t save you from these breached #passwords #StarWarsDay
source: https://specopssoft.com/blog/the-force-wont-save-you-breached-passwords-starwarsday/
Top 20 Star Wars themed passwords found in breached lists:
yoda
starwars
ewok
hansolo
darthvader
bobafett
darthmaul
grogu
obiwankenobi
lukeskywalker
macewindu
anewhope
plokoon
mandalorian
princessleia
kyloren
kuiil
iamyourfather
quigonjinn
rogueone
#password #security #starWars #fans #fail #problem #login #news
How an 8 year old exploited #Zoom to get a time off from home schooling
source: https://twitter.com/mfpiccolo/status/1360685864100237318
After hours on the phone with Zoom tech support the techs are completely stumped. They say that the account was locked at some point but my sister knows there has been hundreds of login attempts from multiple locations so that makes sense.
...
The more times you do this, the longer the wait period for you to get back into Zoom. She also noticed that the error that is presented to a user when they are locked is “Incorrect password” and not “your account has been locked”. My niece found the #exploit and combined it with her cute 8 year old face, a face that never could tell a lie much less pull off an elaborate scheme to trick no less that 8 adults for 3 weeks straight.
#school #education #technology #internet #support #children #hacker #news #password #login #error
This is the Master-Face that hacked your #login ...
source: https://www.unite.ai/master-faces-that-can-bypass-over-40-of-facial-id-authentication-systems/
Researchers from #Israel have developed a neural network capable of generating ‘master’ faces – facial images that are each capable of impersonating multiple IDs.
How Hackers Used #Slack to Break into #EA #Games
A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA.
...
The hackers then requested a multifactor #authentication token from EA IT support to gain access to EA's corporate #network. The representative said this was successful two times.
Once inside EA's network, the hackers found a service for EA developers for compiling games. They successfully logged in and created a virtual machine giving them more visibility into the network, and then accessed one more service and downloaded #game #source #code.
more here: https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
#security #hack #hacker #news #details #story #cookie #login
