password protection


Researchers Improve Random-Number Generation with Forced Memory ‘Twitching’

A German research team has now developed a true random number generator that
uses an extra layer of randomness by making a computer memory element,
a flip-flop, twitch randomly between its two states 1 or 0. Immediately
prior to the switch, the flip-flop is in a “metastable state” where its
behavior cannot be predicted. Read the full article. [ScienceDaily]

Password Protocol OAuth Gets New Variant

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while
OAuth 2.0, the next generation of the specification, is devised by a
working group that is collaborating through the Internet Engineering
Task Force (IETF). Read the full article. [Ars Technica]


The micro-blogging service rejects 370 passwords when new users sign up if
it thinks they are too easy to guess. However, bloggers recently discovered
that the list of banned passwords is embedded in the source code of the page
itself. Read the full article. [Telegraph UK]

Nigel Parkinson, president of Parkinson Construction who built the D.C Convention Center and Nationals baseball stadium, fell victim to phony SSN email site that stole passwords, including those to the company’s bank account where money mules were used to steal funds. Read the full article. [Washington Post]

Microsoft’s Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it. The COFEE application lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people’s computers.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.