#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!

user information

Security Breach at Unique Vintage

There is news that women’s clothing website Unique Vintage has sent notifications to the customers that the site has been breached and the customer information was exposed. What is interesting is that the website is fully PCI compliant, i.e. it follows all rules for security set forth by the credit card industry. And still, it ...

Password recovery mechanisms – Part 3

Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...

Password recovery mechanisms – Part 2

Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...

Password recovery mechanisms – Part 1

Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...

IEEE should be embarrassed

“The world’s largest professional association for the advancement of technology” has been thoroughly embarrassed in an accident where they left their log files containing user names and passwords open for FTP access to all on the Net for more than a month, according to a DarkReading report. Or, at least, I think they should be ...

Digital life wipeout

There is a very interesting article in Wired by one of its authors, Mat Honan, about how his digital life was taken over and wiped out completely in the space of one evening. Read How Apple and Amazon Security Flaws Led to My Epic Hacking.

More e-mail addresses stolen

According to an article in Digital Trends, Dropbox leaked an unknown number of passwords. The interesting part here is that they claim an attacker had access to an employee’s account where a list of e-mail addresses was found. Dropbox is not making the news for the first time and this time they promise tougher security ...

Speaking of passwords…

Wouldn’t it be quite logical to talk about passwords after user names? Most certainly. Trouble is, the subject is very, very large. Creating, storing, transmitting, verifying, updating, recovering, wiping… Did I get all of it? It is going to take a while to get through all of that, do you reckon? Let’s split the subject ...

Keep it simple – user names

All right, now after the lengthy discussion on user names and ids let’s have some simple rules: Do not use sequential numbers for user ids. Do use random numbers for user ids. Do not use any scheme for user names that ties (semi-)public user information to the user name. Use user nicknames (aliases) if “natural” ...

What’s in a name?

Here is something quite interesting. Nobody ever considers the user names. They are just sort of “given”. Well, are they? Most of the time, they are not. They are assumed and designed into the system one way or another. And they can have an impact on security. An old saying goes that a secure Windows ...