I'm a founding member of my company's new security team. A week ago, I was a hobbyist with an OSCP certification. We're starting on risk assessment, prioritization, and all that, but I'd love any links y'all might have (or books to read) that'll help us out.
Jan 6, 2017 03:51

pr0zac posted: lastpass doesn't use cloudflare and even if it did it wouldn't have affected security of their product either

How to get a password from Okta:
1. Ask its API (providing credentials)
2. Look at password on the wire

It's HTTPS, but it still ain't good. Their browser plugin uses this, though it may be limited to sites that don't support SAML and/or don't have it enabled.

Achmed Jones fucked around with this message at 04:14 on Feb 25, 2017

Feb 25, 2017 04:07

Re: the equation group files, changing quotes to fancy directional quotes strikes again.
Apr 8, 2017 17:10

Subjunctive posted: allowing inverted case is fine, people have done the math

If they're taking the given password on login, generating both normal and inverted-case hashes, and then comparing both of these to the hash generated from a case-sensitive password in the database, sure. If they're downcasing new passwords and saving that hash, much less so.

May 3, 2017 06:12
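
The two designs contrasted in the last post, as an added example that is not part of the thread: it counts how many upper/lower spellings of one password each verifier accepts. PBKDF2, the iteration count, the function names and the sample password are assumptions made for the demonstration.

```python
import hashlib, hmac, itertools, os

ITERATIONS = 10_000  # kept low so the demo runs quickly; not a recommendation

def kdf(password, salt):
    # PBKDF2 is a stand-in here; the thread does not say which hash is used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password, downcase=False):
    # downcase=True models "downcasing new passwords and saving that hash".
    salt = os.urandom(16)
    return salt, kdf(password.lower() if downcase else password, salt)

def verify_inverted(attempt, salt, stored):
    # Stored hash is case-sensitive; try the attempt as typed and case-inverted.
    # (str.swapcase is only a clean inversion for ASCII letters.)
    ok = False
    for candidate in {attempt, attempt.swapcase()}:
        ok |= hmac.compare_digest(kdf(candidate, salt), stored)
    return ok

def verify_downcased(attempt, salt, stored):
    # Every spelling collapses to the same lowercase string before hashing.
    return hmac.compare_digest(kdf(attempt.lower(), salt), stored)

def accepted_case_variants(password, verify, salt, stored):
    # Count how many upper/lower spellings of the password the verifier accepts.
    choices = [sorted({ch.lower(), ch.upper()}) for ch in password]
    variants = ("".join(v) for v in itertools.product(*choices))
    return sum(verify(v, salt, stored) for v in variants)

def demo(password="Ab3dE"):  # constructed sample password
    s1, h1 = enroll(password)
    s2, h2 = enroll(password, downcase=True)
    return (accepted_case_variants(password, verify_inverted, s1, h1),
            accepted_case_variants(password, verify_downcased, s2, h2))

if __name__ == "__main__":
    print(demo())
```

The first count stays at two regardless of password length, while the second doubles with every letter in the password.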