It feels uncomfortable if I see there is a max length for a password. This probably means this amount of characters is reserved in the database table and it's stored in plain text.

Sure, what could possibly go wrong...
#itsecurity #password #securityfail

Here are the "security" constraints for a 4-digit code (already pretty easy to brute-force to begin with, even by hand).

The number of cases this removes from the possible combinations is absurdly high. #SecurityFail

Just found out that my car's #NextBase dashcam stores the wifi password in a plain text file with other info with no obfuscation.

#SecurityFail

🚨 Breaking News, folks: Mullvad, the revolutionary VPN that's only 20,000 servers short of being average, has discovered that using the same IP over and over might actually identify you. 🔎 Because nothing screams privacy like a "deterministically picked" IP. 😂 #PrivacyOops
https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/ #MullvadVPN #PrivacyNews #IPAddress #SecurityFail #HackerNews #ngated
Mullvad exit IPs as a fingerprinting vector

Update 5/29: Mullvad has begun rolling out a mitigation feature on their servers that scrambles exit IP positions, thereby fixing this issue. IPs are still deterministically selected based on the pubkey. Mullvad is one of the few VPN providers that offers multiple exit IPs for its servers. If two people connect to the same server, they will usually end up with different public IPs. With only 578 servers (compared to Proton VPN’s 20,000), this kind of vertical scaling makes sense to avoid cramming too many users onto one IP, which would be a problem on sites with overzealous IP blocks and ratelimits.

tmctmt

In case you were snoring (but still stopping by here) over this long weekend, CPanel discovered and patched a critical security flaw at the end of the day. If you use it on your servers, update as soon as possible.

#Web #Webmaster #Hosting #AdminSys #CPanel #SecurityFail #CERT #CERTFR

Oh, bravo Microsoft! 🤦‍♂️ Who needs #cybersecurity when you can just store all your #passwords in plain sight? 😂 Clearly, #Edge is redefining "security" as a feature for the past, while the rest of us are just living in 2023. 🔍🔓
https://twitter.com/L1v1ng0ffTh3L4N/status/2051308329880719730 #Microsoft #Laughs #SecurityFail #HackerNews #ngated
Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) on X

Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.

X (formerly Twitter)

Tried logging into my Amazon account only for it to request the security code on a GIFT CARD FROM YEARS AGO
#amazon #securityfail

Whoa. Serious security breach alert 🚨. Claims are surfacing that Iranian hackers targeted the FBI Director’s Gmail – and potentially accessed classified info. Details are wild, linked to a naval destroyer. Check it out! #KashPatel #SecurityFail #Cybersecurity

https://www.youtube.com/watch?v=DqBVvxS9-Tc

🔍 Oh, the thrilling saga of an article that wasn't! 😱 #ModSecurity flexes its muscles, proudly serving you... absolutely NOTHING. Bravo, internet! 👏🌐
https://jsomers.net/blog/it-turns-out #InternetSaga #SecurityFail #TechNews #CyberSecurity #HackerNews #ngated
“It turns out” « the jsomers.net blog

Oops! Can you say "username enumeration"?

This is at bloomsbury.com, who, in an unrelated matter, seem to also have removed my country from their selection widget when making an order, even though I successfully ordered some books from them last year. 🤷

#security #securityfail