Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

9.1K
active users

hachyderm.io: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#passwords

22 posts15 participants3 posts today
Replied in thread
Public *
Brad Rubenstein “:verified: 
Mothers maiden name: 5472615884
First car owned: 3656654851
Favorite color: 2580548933

They get generated and stored in the password manager, for each account as needed.

The advantage of ten digit numbers is that they are easy to communicate to a customer service agent over the phone.

IME, no agent has ever batted an eye. It's not even lying. It's just being clear on the purpose.

@marasawr

#Passwords#SecretQuestions#Authentication
Public
Felix Palmen :freebsd: :c64:

Next #swad improvement: Make sure to #wipe #passwords from RAM directly after used. That's more of a #security precaution, because there *should* be no way how an attacker can access a running process' memory, but you never know which bugs surface 🙈.

Unexpectedly, that posed #portability issues. #C11 has #memset_s ... a pretty weird function, but suitable for wiping. It's there on #FreeBSD and on #OpenBSD. Not on #NetBSD though. But NetBSD offers the much saner #C23 function #memset_explicit. Looking at #Linux, there's neither. But there is the (non-standard!) #explicit_bzero 🤯 .. and with glibc, it requires _DEFAULT_SOURCE to be defined as soon as you compile with a C standard version given to the compiler. This function exists on some other systems as well, but there's confusion whether it should be declared in string.h or strings.h. 🤪

Here's the full set of compile-tests I'm now doing, only to find the best way to really erase memory:
github.com/Zirias/swad/blob/ma

And if none of these functions is found, swad uses the "hacky" way that most likely works as well: Access the normal memset function via a volatile pointer.

Simple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
GitHubswad/src/bin/swad/swad.mk at master · Zirias/swadSimple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
Public
OTX Bot

CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.

Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: otx.alienvault.com/pulse/68003
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#Dropbox#Government
Public
Turris project

Thanks to our #TurrisSentinel #security #research program, #CZNIC #CSIRT team discovered large scale #FTP #attack. Coming from 45.78.4.0/22, it is #bruteforcing #slowly - it takes it 19 day to get through it's #passwords. Big thanks to everybody who helps us by running our #minipots on their devices! Report in #Czech is available on CSIRT website csirt.cz/cs/kyberbezpecnost/ak

csirt.czDistribuovaný FTP bruteforcer - Aktuálně z bezpečnosti - CSIRTAktuálně z bezpečnosti
ExploreLive feeds
About