Mastodawn

Ehm ... 🕵️ 🔓

"Microsoft Edge loads every saved password into memory the moment the browser opens"

https://hackingpassion.com/microsoft-edge-cleartext-passwords

#microsoftedge #microsoft #cybersec #infosec #itsec #devops #cleartext #passwords

Microsoft Edge Stores Every Saved Password in Cleartext Memory at Startup

Microsoft Edge decrypts your entire password vault into memory at startup. Microsoft calls it by design. Here is what that means and what to do.

HackingPassion.com : [email protected][~]

smeg 1d ago

GitHub is a dumpster fire of unreliability and now this. Has anyone checked on Microsoft? Are they okay?

Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch
https://cybersecuritynews.com/microsoft-edge-passwords-cleartext/

#infosec #cybersecurity #edge #microsoft #msedge #cleartext

Martin Boller

Mar 3

https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device

#Moxa #TPM #SPI #LogicAnalyzer #Keys #Cleartext

[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device

In October 2025, we performed a security assessment of the ARM-based Moxa UC-1222A Secure Edition industrial computer.

卡拉今天看了什麼 Jul 14, 2024

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

Link📌 Summary:

根據Testaankoop的調查，發現兩款Linksys路由器正在以明文的方式將Wi-Fi登入資訊傳送到位於美國的亞馬遜(AWS)伺服器，包括Linksys Velop Pro 6E和Velop Pro 7這兩款mesh路由器。這個漏洞讓攻擊者能夠攔截傳輸過程中的Wi-Fi網路名稱(SSID)和密碼，從而進行竊聽和惡意攻擊。儘管Testaankoop多次向Linksys提出警告，但該公司並未採取有效措施，直到Testaankoop再次聯絡後才進行了更新，但仍未解決問題。這個問題可能源於Linksys固件中使用的第三方軟體，但無論如何，這種漏洞仍然存在，即使是最新的Linksys 7 Pro，都無法避免。研究人員建議消費者不要購買這些路由器，因為存在嚴重的網路入侵和資料損失的風險。

🎯 Key Points:

Testaankoop發現兩款Linksys路由器在明文中將Wi-Fi登入資訊傳送到AWS伺服器，包括Linksys Velop Pro 6E和Velop Pro 7。
這個漏洞讓攻擊者能夠攔截SSID和密碼，進行竊聽和惡意攻擊。
Testaankoop多次向Linksys提出警告，但該公司未採取有效措施。
更新後的固件仍無法解決問題。
這個問題可能源於Linksys固件中使用的第三方軟體，但無論如何，這種漏洞仍然存在。
研究人員建議不要購買這些路由器，並建議用戶更改Wi-Fi網路名稱和密碼。

#Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

🔖 Keywords:

#Linksys #router #meshnetworking #dataprotection #cybersecurity #vulnerability #AWS #thirdpartysoftware #SSID #password #cleartext #plaintext #man-in-the-middle #attack #firmware #security #wiring #hacking #officeenvironments #Patagonia #AI #privacyviolation #classactionlawsuit #Snowflake #MFA #databreaches

Linksys Velop routers send Wi-Fi passwords in plaintext to US servers

According to Testaankoop, the Belgian equivalent of the Consumers' Association, two types of Linksys routers are sending Wi-Fi login details in plaintext

Stack Diary

Bob K Mertz

Mar 8, 2023

@sammi

You are incorrect. A signal app looks up the phone number and if that number has a Signal account it's *not* sent via SMS. Two signal clients ALWAYS use the Signal protocol unless you specifically hold down the send button and intentionally select insecure message *each time*.

@atoponce @signalapp

#data #signal #sms #phone #encrypted #cell #cleartext

Christian Pietsch (old acct.)May 10, 2022

If you are a command line and text terminal fan like myself, chances are you are using this trio daily:

– #pass for managing #passwords,
– #mutt for reading and writing #email,
– #msmtp for sending out e-mails via weird mail servers such as #MS #Exchange that mutt cannot talk to directly.

Today I figured out how to make them work together without entering or storing #cleartext passwords.

I am using GNU/Linux and have #gpg agent working.

I used pass to store my e-mail (and #ActiveDirectory) password under the name uni/mail. This generated the encrypted file ~/.password-store/uni/mail.gpg. So …

In ~/.muttrc, I put:
set imap_pass=`gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg`

In ~/.msmtprc, I put:
passwordeval gpg2 --no-tty -q -d ~/.password-store/uni/mail.gpg

Whenever I change this password, all I have to do is to store it using pass. The other programs will fetch it from there and decrypt it when they need it.

#CLI #PGP #GnuPG #MUA #SMTP #IMAP #GNU #Linux

puresick Aug 19, 2019

23 gigabytes elasticsearch database leaked, including 1 million fingerprints, other biometric data and unhashed passwords

https://threatpost.com/fingerprints-of-1m-exposed-in-public-biometrics-database/147345/

#leak #elasticsearch #database #security #biometric #fingerprint #facial #recognition #unhashed #cleartext #password

Millions of Biometrics Exposed in Open Database

A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.

Threatpost - English - Global - threatpost.com