Category: Access Control, Authentication, & Identity Management

Learn how security and network administrators restrict access, grant authorization, and authenticate their users.

PenTest Edition: Using Shodan to Locate Internet-Connected Devices (Webcams, Servers, Routers, and More)

With Shodan, there's no hiding on the Internet. Shodan is a search engine that allows users to locate devices that are connected to the Internet, such as webcams, routers, servers, traffic lights, baby monitors, SCADA systems, Internet of Things (IoT) devices, and so forth. Shodan began back in 2009 as a small project created by ...

Timehop was Hacked – Data Breach Exposes 21 Million Users

Timehop, the extremely popular app that allows users to share their previous moments, has reported that it was the victim of a major data breach over the holiday, which took place on the Fourth of July. Timehop is available for both iOS and Android smartphone users and, since its startup in 2011, the app has ...

The Recent 4G LTE Network Vulnerabilities and Attacks

In this blog post, I'll discuss the design and operation of a 4G LTE network. In hindsight, I realize topics such as these can get extremely lengthy. For that reason, I'll limit this discussion down to only the necessary technical details required to understand these new LTE attacks, while excluding any complicating, non-essentials. These new ...

Over 3,000 iOS and Android Apps Leak 100 Million User Sensitive Records via Misconfigured Firebase Backends

When building an app that needs to store and share data from a server, software developers can rely on Google's Firebase Realtime cloud-hosted database. This Infrastructure as a Service (IaaS) removes serious time constraints by providing app developers with maintenance and support, offline support, and real-time synchronization of data with clients in real-time. And, since ...

Firewalls: A Fundamental Introduction

The defense in-depth design is a security philosophy that proposes we protect our assets and networks with multiple levels of security. The idea is not strictly limited to technical security controls, as management and operational controls have their rightful place in the defense in-depth approach. However, many aspiring and enthusiastic young learners falsely attribute the ...