conferences
Useful password hashing: How to waste computing cycles with style
Password-based authentication is widely used today, despite problems with security and usability. To control the negative effects of some of these problems, best practice …
Authentication using visual codes: what can go wrong
Several password replacement schemes have been suggested that use a visual code to log in. However the visual code can often be relayed, which opens up a major vulnerability. …
Building an OATH-compliant authentication server for less than $100
Using a Raspberry Pi nanocomputer and the multiOTP open source library, André Liechti showcases how to create an OATH-compliant authentication server at PasswordsCon …
Tales of passwords, cyber-criminals and daily used devices
Specific embedded devices are targeted by criminals in order to gain access or utilize for further attacks. Modems are attacked to change DNS-servers for advertising or …
Tracking botnets using automatically generated domains
Stefano Zanero is an Assistant Professor at Politecnico di Milano, where he focuses on systems security. Modern botnets rely on domain-generation algorithms (DGAs) to build …
Bypassing security scanners by changing the system language
A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to …
Video: Advanced password recovery and modern mitigation strategies
Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have …
How to social engineer a social network
Social engineering has for a while now been cyber attackers’ best bet to enter systems and compromise accounts when actual hacking doesn’t work, or when they …
A new classification for potentially unwanted mobile apps
What are PUAs (Potentially Unwanted Applications), and how should they be classified in the mobile (specifically Android) environment? PUAs are not technically malware, and …
Building an information security awareness program from scratch
Most security awareness programs suck. They involve canned video presentations or someone from HR explaining computer use policies. Others are extremely expensive and beyond …
Can you trust the apps you use?
With the advent of smartphones, the word “app” has almost become a synonym for pleasure. Whatever you need, whatever you want is right there at your fingertips, …
Video: Operationalizing security intelligence in the enterprise
Many organizations say they acquire and use security intelligence for the benefit of their organizations – but few actually do this right. While security intelligence is …