ajuvo ✔
boosted
deutrino
boosted
What is a Passkey?
Passkey pop up everywhere, Mike Pound explains what they are!
— "If I set my Passkeys on my laptop how I can use it on my phone?"
— "You can't!"
🔑 https://www.youtube.com/watch?v=xYfiOnufBSk
#passkeys #explains #login #weblogin #it #password #youtube #video #yt #itsec #token #itsecurity #computerphile #passkey
What is a Passkey?
Passkey pop up everywhere, Mike Pound explains what they are!
— "If I set my Passkeys on my laptop how I can use it on my phone?"
— "You can't!"
🔑 https://www.youtube.com/watch?v=xYfiOnufBSk
#passkeys #explains #login #weblogin #it #password #youtube #video #yt #itsec #token #itsecurity #computerphile #passkey
Emily Gladstone Cole
boosted
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.
Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.
We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.
Here is a short blog about the campaign and actor, including involved domains and IPs.
https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/
#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login
Michael Dexter
and 1 other
boosted
I smile each time I turn on my laptop.
To each, their own, obviously, but, for me, GNOME is a gorgeous desktop.
@neil
That reminds me to post my favourite welcome screen / authentication desktop background picture.
Free for anyone to use for the porpose of a login screen 🙂
I mean, these ain't like in the old days where a few Megabytes got you #Pidgin and other Multi-Protocol Clients of the old days where everyone had to implement bespoke, custom and incompatible and *often completely undocumented, proprietary * protocols like #ICQ, #AIM, #SIPE, etc.
- Nowadays all these do have some kind of #WebApp or Web Interface one can just login (because *none of them do proper #E2EE with #SelfCustody of all the keys!) so this should be way easier these days: All they do is do HTTP(S) GET/POST so the most critical part is to attain credentials like a #Login #cookie and to basically run a console on i.e. #Firefox to reverse-engineer the #API...
Just released: #swad 0.5
swad is the "Simple Web Authentication Daemon", meant to add authentication using a #cookie and a #login form to your reverse proxy. It's designed for #nginx' "auth_request" module. It's written in pure #C with very few external dependencies (zlib, and depending on build options OpenSSL/LibreSSL and #PAM).
And with this release, it also allows guest logins using the crypto puzzle you may already know from #Anubis!
Read more in the release notes, grab the .tar.xz and build/install it 😎
And here's the "real world" usage 😎
So now I can give ppl a #login for #swad with a monthly changing password to access my #poudriere logs. Hopefully still keeps the #bot hordes out.
