Remove Authentication Remove e-Delivery Remove Libraries Remove Passwords
article thumbnail

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Libraries 122
article thumbnail

API Security 101 for Developers: How to Easily Secure Your APIs

ForAllSecure

Or, a delivery app could use the API to calculate the best route between two locations. Broken Authentication and Session Management Authentication is the process of verifying the identity of a user or system. Session management is the process of managing user sessions once they are authenticated.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Maybe you are at an organization that requires you to change your passwords every 90 days or so, and so you have password fatigue -- there are only so many variations you can do every 90 days or so. I must have the password.

article thumbnail

The Hacker Mind Podcast: Hacking Behavioral Biometrics

ForAllSecure

A lot of times we depend on usernames and passwords, but those really aren’t enough. So we include other telemetry that seeks to authenticate that the entity logging in is who they say they are. Without a basic ability to authenticate these characters, there’d be no drama, no romance, no tragedy. Think about it.

article thumbnail

The Hacker Mind: Hacking IoT

ForAllSecure

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It's like using a hash of your street address, as the password for your front door.

IoT 52
article thumbnail

The Hacker Mind: Hacking IoT

ForAllSecure

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. It's like using a hash of your street address, as the password for your front door.

IoT 52