The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Authentication’ Category

Some notes about the CDN that the NPO uses for podcasts

Posted by jpluimers on 2025/12/11

Not verified yet, but perhaps this also works for (fragments of) radio broadcasts?

From a thread about the song “Met puntjes” by Joke Bruijs, who died a few months ago, a few days after her bosom friend and ex-husband Gerard Cox¹.

Ionica Smeets wrote about the song on Mastodon², but the link to the audio of the podcast [Wayback/Archive] Andermans Veren – Beluister Andermans Veren zondag 14 januari 2018 | Podcasts | NPO Radio 5 disappeared quickly.

Because I had previously had a problem downloading the audio of [Wayback/Archive] Keihard de Beste – NPO Podcast, I dug into the CDN that the NPO uses.

The archivers had some problems with it, so it is in 2 pieces:

  1. [Wayback/Archive] Jeroen Wiert Pluimers: “@ionica I am going to try to explain it to you. And then you can surely explain it back in much simpler wording so that others understand it too. …” – Mastodon
  2. …
  3. [Wayback/Archive] Jeroen Wiert Pluimers: “@ionica hopefully I have been able to help you a bit with your remarks in…” – Mastodon
  4. …
  5. ³

There were some side trips, among other things into how to ask a good question on the internet, so the thread became long (:

Below is the full text, supplemented with some archived links. But first two versions of the song “Met puntjes” by Joke Bruijs: recordings from 1986 and 1988:

Read the rest of this entry »

Posted in Authentication, CDN (Content Delivery Network), Cloud, CSS, Development, Hashing, HMAC, HTML, Infrastructure, Power User, Security, Software Development, Web Development | Leave a Comment »

PayPal domains to enable JavaScript for

Posted by jpluimers on 2025/06/16

I have JavaScript disabled in my browser and had to enable it for these domains to get PayPal working:

Without the first and last, neither Captchas nor 2FA would work.

[Wayback/Archive] Netify.ai: PayPal – Domains, IPs and App Information (which I found via [Wayback/Archive] domains used by paypal – Google Search) only lists primary domains (not subdomains like the above) and contains both paypal.com and paypalobjects.com.

The list is by Netify.ai, the company that has Deep Packet Inspection products built around the open source engine [Wayback/Archive] pcbaldwin/netifyd: The open-source Netify DPI engine is a standalone deep packet inspection agent that provides a flexible and affordable DPI solution for gateways, firewalls, SD-WAN, WiFi, IoT and other OEM devices.

–jeroen

Posted in 2FA/MFA, Authentication, Power User, Security | Leave a Comment »

September 2024 – August Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News

Posted by jpluimers on 2025/05/05

Installing the Authy iOS app on an Apple Silicon Mac (M1/M2/M3/…) used to be the way to keep using Authy on the Mac desktop, as early this year Authy announced their desktop applications would shut down by August (links further below).

I missed the September 2024 post [Wayback/Archive] Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News, which basically means that if you had it installed on a Mac, it will keep being installed but never updated.

This was done silently by Authy owner Twilio: new installs are no longer possible, and old installs are never updated any more, thereby effectively decreasing your security.

Anyway: if you want to try side-loading, this is the iOS app link: [Wayback/Archive] Twilio Authy on the App Store.

Sideloadly (links further below) might work, but in reality it is likely better to have your MFA running on a separate device.

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Power User, Security, TOTP (Timebase One Time Pads) | Leave a Comment »

How to Weaponize the Yubikey – Black Hills Information Security

Posted by jpluimers on 2024/11/12

I totally missed this back in 2019 when having the first belly surgery (which would eventually lead to the discovery that I already had rectal cancer at that time): [Wayback/Archive] How to Weaponize the Yubikey – Black Hills Information Security.

Luckily I got a reminder: [Wayback/Archive] jilles.com on Twitter: “/me the asshole that spoils the magic trick …” after [Wayback/Archive] yan on Twitter: “who’s excited for defcon next week”

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Development, Hardware, Hardware Interfacing, Power User, Security, Software Development, U2F FIDO Security Keys, USB, USB | Leave a Comment »

On my list of things to try: Cisco Duo MFA

Posted by jpluimers on 2024/10/29

At the time of writing [Wayback/Archive] Two-Factor Authentication & Data Protection | Duo Security is supposed to be free for up to 10 users.

That seems to be an excellent opportunity to re-learn MFA things as it has been a while since I have done big work in that area.

Duo was one of the very many Cisco acquisitions and I wonder how it fits into the Cisco landscape.

Documentation bits to start at:

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Development, Mobile Development, Power User, Security, Software Development, Web Development | Leave a Comment »

Windows 10/11: Skip Security Questions When Adding Local User

Posted by jpluimers on 2024/09/30

Based on [Wayback/Archive] Windows 10/11: Skip Security Questions When Adding Local User, [Wayback/Archive] Remove Security Questions when setting up Local Account in Windows and others:

  • if during initial Windows 10/11 setup you add a user with a password, then it will ask you for 3 security questions
  • if you do not want these 3 security questions:
    1. leave the password blank when adding the user
    2. after first logon, press Ctrl-Alt-Del and change the password from blank to an actual password

Via [Wayback/Archive] windows 10 skip security questions – Google Search.

–jeroen

Posted in Authentication, Power User, Security, Windows, Windows 10, Windows 11 | Leave a Comment »

What’s inside the QR code menu at this cafe? – by peabee

Posted by jpluimers on 2024/09/27

This is why I do not trust ordering via QR-code: you never know how good (or usually bad, often even non-existent) their security is.

[Wayback/Archive] What’s inside the QR code menu at this cafe? – by peabee is a really bad example of Google-backed DotPe: they had zero-auth and by now have rate-limited API access by IP address.

…

I went to a cafe near my home. I sat down and scanned the QR code on the table. It took me to a website displaying the cafe’s menu. It asked me for my name and Whatsapp mobile number. I entered the details and placed the order.

In 5 mins my order arrived at the table. There was no OTP verification, and no one came to confirm the order. Is this what the peak ordering experience looks like?

It was a slow workday, and I thought I might as well open this QR code website on my laptop and have a quick look under the hood. Maybe I should’ve just made my own coffee and stayed home because I didn’t realize I was opening a can of worms.

…

This kind of zero-auth is not infrequent: the Panels API and CDN were wide-open too: [Wayback/Archive] https://storage.googleapis.com/panels-api/data/20240916/media-1a-i-p~s

Read the rest of this entry »

Posted in Authentication, Development, Infosec (Information Security), LifeHacker, Phishing, Power User, Security, Software Development | Tagged: | Leave a Comment »

If I ever need to do OAuth: aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core

Posted by jpluimers on 2024/08/21

This is cool: [Wayback/Archive] aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core.

Based on ideas at [Wayback/Archive] TerribleDev/OwinOAuthProviders: OAuth providers for Owin.

Via [Wayback/Archive] David Fowler 🇧🇧🇺🇸 on Twitter: “Since we’re on the auth topic, there’s a repository maintained by @martin_costello and @kevin_chalet for interacting with pretty much every oauth provider on the planet github.com/aspnet-contrib/AspNet.Security.OAuth.Providers… #dotnet #aspnetcore”.

OAuth 2.0 providers covered at the time of writing are in the [Wayback/Archive] AspNet.Security.OAuth.Providers/README.md: Providers at dev · aspnet-contrib/AspNet.Security.OAuth.Providers.

–jeroen

Posted in .NET, .NET Core, Authentication, C#, Development, OAuth, Power User, Security, Software Development | Leave a Comment »

The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game

Posted by jpluimers on 2024/07/12

There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable, as they depend on MD5, and MD5 collision attacks have been sped up considerably. Basically only RADIUS over TLS seems safe now.
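To make the MD5 dependence concrete, here is an added example (written for this page, not code from the blog post or from the Blast-RADIUS authors) that builds RADIUS responses the way a server does and audits them. The Response Authenticator is the plain MD5 construction from RFC 2865 section 3; the Message-Authenticator attribute (type 80) is the HMAC-MD5 from RFC 2869 section 5.14, which is keyed and therefore not subject to the same collision attack. The shared secret, Request Authenticator and attribute values are constructed sample data, and the audit labels (“md5-only”, “hmac-protected”, “invalid”) are my own naming.

```python
import hashlib
import hmac
import struct

# Constants from RFC 2865 / RFC 2869; none of these values come from the blog post.
ACCESS_ACCEPT = 2
REPLY_MESSAGE = 18
MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; the 16-byte Authenticator follows


def encode_attributes(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs; the length octet covers its own 2-byte header."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def parse_attributes(raw):
    """Return (offset, type, value) triples; the offset lets a verifier zero a value in place."""
    out, pos = [], 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated attribute header")
        atype, alen = raw[pos], raw[pos + 1]
        if alen < 2 or pos + alen > len(raw):
            raise ValueError("malformed attribute length")
        out.append((pos, atype, raw[pos + 2:pos + alen]))
        pos += alen
    return out


def response_authenticator(code, ident, request_auth, attr_bytes, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = 20 + len(attr_bytes)
    return hashlib.md5(HEADER.pack(code, ident, length) + request_auth + attr_bytes + secret).digest()


def message_authenticator(code, ident, request_auth, attr_bytes, secret):
    """RFC 2869 section 5.14: HMAC-MD5 keyed with the secret over the packet, with the
    Request Authenticator in the Authenticator field and attribute 80 set to 16 zero bytes."""
    length = 20 + len(attr_bytes)
    return hmac.new(secret, HEADER.pack(code, ident, length) + request_auth + attr_bytes, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_message_authenticator):
    """Build a response as a server would, optionally appending a Message-Authenticator."""
    attrs = list(attrs)
    if with_message_authenticator:
        # Compute the HMAC over a zeroed placeholder, then swap the real value in.
        placeholder = attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))]
        mac = message_authenticator(code, ident, request_auth, encode_attributes(placeholder), secret)
        attrs.append((MESSAGE_AUTHENTICATOR, mac))
    body = encode_attributes(attrs)
    resp_auth = response_authenticator(code, ident, request_auth, body, secret)
    return HEADER.pack(code, ident, 20 + len(body)) + resp_auth + body


def audit_response(packet, request_auth, secret):
    """Classify a response: 'invalid', 'md5-only' (protected by the unkeyed MD5 Response
    Authenticator alone) or 'hmac-protected' (a Message-Authenticator is present and verifies)."""
    if len(packet) < 20:
        return "invalid"
    code, ident, length = HEADER.unpack(packet[:4])
    if length != len(packet):
        return "invalid"
    attr_bytes = packet[20:length]
    expected = response_authenticator(code, ident, request_auth, attr_bytes, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "invalid"
    for offset, atype, value in parse_attributes(attr_bytes):
        if atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = attr_bytes[:offset + 2] + bytes(16) + attr_bytes[offset + 18:]
            mac = message_authenticator(code, ident, request_auth, zeroed, secret)
            return "hmac-protected" if hmac.compare_digest(mac, value) else "invalid"
    return "md5-only"


# Constructed sample values; not taken from any real deployment.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
ATTRS = [(REPLY_MESSAGE, b"Welcome")]

LEGACY = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SECRET, False)
HARDENED = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, ATTRS, SECRET, True)

if __name__ == "__main__":
    print("legacy:  ", audit_response(LEGACY, REQUEST_AUTH, SECRET))    # md5-only
    print("hardened:", audit_response(HARDENED, REQUEST_AUTH, SECRET))  # hmac-protected
```

Running the audit over captured server replies (with the matching Request Authenticator from the request) is a quick way to see whether a deployment still relies on the unkeyed MD5 construction alone; transporting RADIUS over TLS, as the post notes, sidesteps the question entirely.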

The Blast-RADIUS logo on the right reminded me of using grenades in a game 40+ years old, so let’s digress: Archive.org is such a great site, with for instance the original Apple ][ Manual of Castle Wolfenstein by MUSE Software (the manual is written in Super-Text, which they also sold):

The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at

[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf

Screenshot

The trick in that game when entering a room full of SS officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leave the room, wait a few seconds and re-enter that room.

Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.

Back to Blast RADIUS

Read the rest of this entry »

Posted in 6502, Apple, Apple ][, Authentication, Hashing, History, md5, Power User, Security | Leave a Comment »

Walls and Ladders when pasting e-mail on account sign-up forms: Paste It – Chrome Web Store

Posted by jpluimers on 2024/02/06

In a game of Walls and Ladders (similar to Arms Race), the Ladders usually win, see the references at the end of the post.

The actual “game” in this case is more and more sites trying to build walls to prevent pasting credential-related information like user IDs (often e-mail addresses) or passwords, often citing “more safety” or “less security risks”, and users getting taller ladders because they want to do just that out of their own security concerns:

[Wayback/Archive] Stef 🎈 on Twitter: “Dear mobile/web-apps, please never never disable copy and paste “due to security reasons”. -everybody with a password manager.”

The walls will always lose, so it is better to invest the money for the walls into other security measures.

Given that most of the risks are web-sites getting that information exfiltrated, I wish they put more energy into bolting down that side of the security risk than into hampering legitimate users entering that information in the first place.

Since so many of these sites have leaked my information in the past, any email address I use for activating an account is like 50 characters long. Something I am not going to type once (because of typing mistakes) and definitely not twice (to confirm I did not make typing mistakes).

Read the rest of this entry »

Posted in Authentication, Chrome, Clipboard, Development, Google, HTML, JavaScript/ECMAScript, Power User, Scripting, Security, Software Development, Web Development | Leave a Comment »