Bypassing Google’s Two-Factor Authentication: Some months ago, we found a way to (ab)use ASPs to gain full control over Google accounts, completely circumventing Google’s 2-step verification process. We communicated our findings to Google’s security team, and recently heard back from them that they had implemented some changes to mitigate the most serious of the threats we’d […]

LinkedIn DNS hijacked, site offline: LinkedIn just got DNS hijacked, and for the last hour or so, all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don’t require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext.

A tale of 102 RFID cards: EM4100 protocol cards are factory programed with an 8bit Customer or Version ID, 32bit unique code and some parity information. [..] This gives a total keyspace of 4,294,967,296 (2^32) or 1,099,511,627,776 (2^40) if you are using unique Customer or Version ID’s. At the theoretical minimum transmission speed of 28ms […]

Chi protegge la tua rete aziendale? Molti non affrontano correttamente il problema della sicurezza. E tu? ISGroup Srl è una struttura indipendente specializzata in IT Security in grado di offrire servizi e prodotti di sicurezza informatica di livello qualitativo elevato. ISGroup è il partner ideale per proteggere il tuo business gestendo i rischi legati all’accesso abusivo a […]