Date Author Title

PASSWORD CHANGE

2021-11-15Rob VandenBrinkChanging your AD Password Using the Clipboard - Not as Easy as You'd Think!
2014-05-22Rob VandenBrinkAnother Site Breached - Time to Change your Passwords! (If you can that is)

PASSWORD

2024-08-07/a>Guy BruneauSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-13/a>Didier Stevens16-bit Hash Collisions in .xls Spreadsheets
2024-06-26/a>Guy BruneauWhat Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-02-28/a>Johannes UllrichExploit Attempts for Unknown Password Reset Vulnerability
2024-01-17/a>Jesse La GrewNumber Usage in Passwords
2024-01-06/a>Xavier MertensAre you sure of your password?
2023-10-29/a>Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2023-10-15/a>Guy BruneauDomain Name Used as Password Captured by DShield Sensor
2023-09-29/a>Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-09-05/a>Jesse La GrewCommon usernames submitted to honeypots
2023-09-02/a>Jesse La GrewWhat is the origin of passwords submitted to honeypots?
2023-08-10/a>Bojan ZdrnjaSome things never change ? such as SQL Authentication ?encryption?
2023-08-04/a>Xavier MertensAre Leaked Credentials Dumps Used by Attackers?
2023-06-05/a>Johannes UllrichBrute Forcing Simple Archive Passwords
2023-04-19/a>Rob VandenBrinkTaking a Bite Out of Password Expiry Helpdesk Calls
2023-02-18/a>Guy BruneauSpear Phishing Handlers for Username/Password
2022-08-13/a>Guy BruneauPhishing HTML Attachment as Voicemail Audio Transcription
2022-05-17/a>Xavier MertensUse Your Browser Internal Password Vault... or Not?
2022-03-10/a>Xavier MertensCredentials Leaks on VirusTotal
2022-02-13/a>Guy BruneauDHL Spear Phishing to Capture Username/Password
2021-11-15/a>Rob VandenBrinkChanging your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-05-14/a>Xavier Mertens"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-24/a>Guy BruneauBase64 Hashes Used in Web Scanning
2021-01-06/a>Johannes UllrichScans for Zyxel Backdoors are Commencing.
2020-07-26/a>Didier StevensCracking Maldoc VBA Project Passwords
2020-07-13/a>Didier StevensVBA Project Passwords
2020-06-10/a>Brad DuncanJob application-themed malspam pushes ZLoader
2020-04-06/a>Didier StevensPassword Protected Malicious Excel Files
2019-11-01/a>Didier StevensTip: Password Managers and 2FA
2018-12-17/a>Didier StevensPassword Protected ZIP with Maldoc
2018-08-22/a>Deborah HaleEmail/password Frustration
2018-07-12/a>Johannes UllrichNew Extortion Tricks: Now Including Your Password!
2017-11-28/a>Xavier MertensApple High Sierra Uses a Passwordless Root Account
2017-05-17/a>Richard PorterWait What? We don?t have to change passwords every 90 days?
2017-04-26/a>Johannes UllrichIf there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-10/a>Didier StevensPassword History: Insights Shared by a Reader
2017-02-07/a>Johannes UllrichMy Password is [taco] Using Emojis for Stronger Passwords
2016-12-07/a>Xavier MertensThe Passwords You Should Never Use
2016-09-15/a>Xavier MertensIn Need of a OTP Manager Soon?
2016-07-21/a>Didier StevensPractice ntds.dit File
2016-06-20/a>Xavier MertensUsing Your Password Manager to Monitor Data Leaks
2015-06-26/a>Daniel WesemannCisco default credentials - again!
2014-09-19/a>Guy BruneauAdded today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>Richard PorterOCLHashCat 1.30 Released
2014-08-06/a>Johannes UllrichAll Passwords have been lost: What's next?
2014-05-22/a>Rob VandenBrinkAnother Site Breached - Time to Change your Passwords! (If you can that is)
2013-11-22/a>Rick WannerTales of Password Reuse
2013-07-21/a>Guy BruneauUbuntu Forums Security Breach
2013-06-11/a>Swa FrantzenStore passwords the right way in your application
2013-05-14/a>Jim ClausingSo what passwords are those ssh scanners trying?
2013-03-18/a>Kevin ShorttCisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18/a>Russ McReeInteresting reads for Friday 18 JAN 2013
2013-01-04/a>Daniel WesemannBlue for Reset?
2012-11-15/a>Jim ClausingAnother month another password disclosure breach
2012-07-16/a>Jim ClausingAn analysis of the Yahoo! passwords
2012-06-06/a>Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-05-22/a>Johannes Ullrichnmap 6 released
2012-01-03/a>Rick WannerAnalysis of the Stratfor Password List
2011-10-10/a>Tom ListonWhat's In A Name?
2011-08-10/a>Johannes UllrichTheoretical and Practical Password Entropy
2011-06-28/a>Johannes UllrichHashing Passwords
2011-05-30/a>Johannes UllrichAllied Telesis Passwords Leaked
2010-12-28/a>John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-12-15/a>Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13/a>Deborah HaleGawker Media Breach of Security
2010-11-26/a>Mark HofmanUsing password cracking as metric/indicator for the organisation's security posture
2010-08-27/a>Mark HofmanFTP Brute Password guessing attacks
2010-02-25/a>Chris CarboniPass The Hash
2010-02-02/a>Johannes UllrichTwitter Mass Password Reset due to Phishing
2009-12-04/a>Daniel WesemannThe economics of security advice (MSFT research paper)
2009-11-02/a>Daniel WesemannPassword rules: Change them every 25 years
2009-10-23/a>Johannes UllrichLittle new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2008-09-22/a>Jim ClausingLessons learned from the Palin (and other) account hijacks

CHANGE

2022-12-22/a>Guy BruneauExchange OWASSRF Exploited for Remote Code Execution
2022-01-02/a>Guy BruneauExchange Server - Email Trapped in Transport Queues
2021-11-15/a>Rob VandenBrinkChanging your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-09-24/a>Xavier MertensKeep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-08-13/a>Guy BruneauScanning for Microsoft Exchange eDiscovery
2021-03-03/a>Johannes UllrichMicrosoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability
2020-12-08/a>Johannes UllrichDecember 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2019-01-28/a>Bojan ZdrnjaRelaying Exchange?s NTLM authentication to domain admin (and more)
2017-05-17/a>Richard PorterWait What? We don?t have to change passwords every 90 days?
2016-10-08/a>Russell EubanksUnauthorized Change Detected!
2014-09-26/a>Richard PorterWhy We Have Moved to InfoCon:Yellow
2014-05-22/a>Rob VandenBrinkAnother Site Breached - Time to Change your Passwords! (If you can that is)
2014-04-27/a>Tony CarothersThe Dreaded "D" Word of IT
2014-02-10/a>Rob VandenBrinkA Tale of Two Admins (and no Change Control)
2013-11-29/a>Russ McReeMS Exchange update, includes failed backup fix: http://support.microsoft.com/kb/2892464
2013-08-15/a>Johannes UllrichMicrosoft Pulls MS013-061 due to problems with Exchange Server 2013 http://blogs.technet.com/b/exchange/archive/2013/08/14/exchange-2013-security-update-ms13-061-status-update.aspx
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2012-12-18/a>Dan GoldbergMitigating the impact of organizational change: a risk assessment
2012-11-23/a>Rob VandenBrinkWhat's in Your Change Control Form?
2012-07-25/a>Johannes UllrichMicrosoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
2012-05-30/a>Rob VandenBrinkToo Big to Fail / Too Big to Learn?
2012-02-23/a>donald smithDNS-Changer "clean DNS" extension requested
2012-02-20/a>Rick WannerDNSChanger resolver shutdown deadline is March 8th
2011-11-09/a>Russ McReeOperation Ghost Click: FBI bags crime ring responsible for $14 million in losses
2011-08-05/a>donald smithNew Mac Trojan: BASH/QHost.WB
2010-08-19/a>Rob VandenBrinkChange is Good. Change is Bad. Change is Life.
2008-11-25/a>Andre LudwigOS X Dns Changers part three
2008-11-25/a>Andre LudwigTmobile G1 handsets having DNS problems?