Tag Archives: InfoSec

How to create app-specific passwords in Google

Sometimes you’re going to run across an application that uses the Google API, but for whatever reason does not support 2-factor authentication. Google has wisely built an infrastructure for such incidents. In your security settings, you can create “burner” passwords that can be used for specific applications. You typically don’t need to remember or write down these passwords because they are persistent on the device accessing Google, only accessible to one application, and can easily be exchanged for a new code if ever compromised. To get one of these passwords, head over to http://myaccount.google.com/security

If you’ve never used this section of Google before, it would be beneficial to take a couple of minutes to familiarize yourself with the options available before proceeding. When you’re ready, scroll down to “Signing in to Google” under the “Sign-in & security” section.

[Screenshot: Google security settings, showing the “App passwords” heading]

In the screenshot above, you can see the “App passwords” heading on the bottom-right. Click this section and you will likely be prompted to enter your Google password again before accessing the app passwords section.

The following page will present you with a list of applications using specific passwords. To create a new password, just select the appropriate options from the drop-down menus and click “Generate”. You’ll be presented with a 16-character password that you can use to log in persistently with a particular application (such as Outlook or Apple Mail). If the password is ever compromised, you can simply click the “Revoke” button and the password is burned forever.


It’s Time to Enable Two-Step Authentication on Everything. Here’s How.

If you don’t already have two-step authentication enabled on all your accounts, you really need to turn it on for anything sensitive. Here’s how.

Source: It’s Time to Enable Two-Step Authentication on Everything. Here’s How.

Five strategies for reclaiming our personal privacy online

Our privacy is being exploited commercially by the oligopoly of Silicon Valley. With so little control over our online lives, how can we reclaim the balance?

Source: Five strategies for reclaiming our personal privacy online | Technology | The Guardian

Watch What You Say: The Cloud Might Be Listening

Welcome to the latest, weirdest phase of our relationship with technology: machines that eavesdrop on us.

Source: Watch What You Say: The Cloud Might Be Listening | WIRED


Your Unhashable Fingerprints Secure Nothing

Remember: Your fingerprints are public record. Your fingerprints are NOT secret. Your fingerprints are easily duplicated. Do not use them to secure anything.

Source: Your Unhashable Fingerprints Secure Nothing | Hackaday


The $24 Billion Data Business That Telcos Don’t Want to Talk About

Charging you out of house and home on the front end, then selling out your data on the back end? When will we demand that these Goliaths behave better?

Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data.

Source: The $24 Billion Data Business That Telcos Don’t Want to Talk About


How to Protect Yourself from NSA Attacks on 1024-bit DH

Honestly, even if you “have nothing to hide”, it’s still a good idea to beef up your security settings. Privacy is a basic human right, and to give up on that right is to give up on freedom itself.

In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes.

Source: How to Protect Yourself from NSA Attacks on 1024-bit DH | Electronic Frontier Foundation

White Hat Hackers Would Have Their Devices Destroyed Under the TPP

Did you know that it is illegal to disclose security vulnerabilities under the DMCA? Did you know that the only way we know about security vulnerabilities is by trying to break them? Did you know that the TPP would make it even more difficult, dangerous, and backwards to legitimately act in the best interests of the public?

Did you know that this is also one step away from becoming law?

It could leave the internet of things fundamentally insecure.

Source: White Hat Hackers Would Have Their Devices Destroyed Under the TPP | Motherboard

What’s in a Boarding Pass Barcode? A Lot

Perhaps you should think twice before simply discarding that old boarding pass.

Source: What’s in a Boarding Pass Barcode? A Lot — Krebs on Security


OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought

That’s okay, we’ll just revoke all their fingerprints and issue them all new ones…oh, wait….

That’s more than five times the 1.1 million figure the agency had cited in earlier updates.

Source: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought – The Washington Post
