Search - "weak security"
-
Me: Browsing the security of a website.
Tell the website developer that they are using the SHA-1 hashing algorithm for encrypting the credentials of its registered users.
Them: Yeah, so what?
Me: You shouldn't be using an algorithm which was exploited years ago in the age of 2016.
Them: Don't worry, nothing will happen.
Me: *facepalm*
-
Ten Immutable Laws Of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn't practically achievable, online or offline.
Law #10: Technology is not a panacea.
-
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
It wasn't.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort of malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin privileges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST privileges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.
-
They tell me to only review security in the security reviews I'm doing (and if I bring to attention that they're implementing a weak encryption so even though they're not using it at the moment it might cause issues so be careful with that they say to only review security 😵) and then I see this mssql in a where:
AND ISNULL(field, 0) IS NULL
And I think wtf, should I report that? I did and it's a bug and they're thanking me now....
God dammit it's hard to "review security" here...
-
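Why the predicate quoted in the post above is a bug, as an added T-SQL example (not the poster's code; the table, column and sample rows are hypothetical, and the two "likely intended" forms are assumptions, since the post does not say what the query was meant to match):

```sql
-- Constructed sample data; #accounts and locked_at are hypothetical names.
CREATE TABLE #accounts (id INT NOT NULL, locked_at INT NULL);
INSERT INTO #accounts (id, locked_at) VALUES (1, NULL), (2, 0), (3, 5);

-- As posted: ISNULL(locked_at, 0) replaces NULL with 0, so its result is
-- never NULL. The IS NULL test is false for every row, and because it is
-- ANDed into the WHERE clause, the whole query matches nothing.
SELECT id
FROM #accounts
WHERE id > 0
  AND ISNULL(locked_at, 0) IS NULL;   -- matches no rows

-- Assumed intent A: match rows where the column really is NULL.
SELECT id
FROM #accounts
WHERE id > 0
  AND locked_at IS NULL;              -- matches id 1

-- Assumed intent B: treat NULL and 0 as the same "unset" value.
SELECT id
FROM #accounts
WHERE id > 0
  AND ISNULL(locked_at, 0) = 0;       -- matches id 1 and id 2

DROP TABLE #accounts;
```

When a condition like this guards an access or filtering decision, an always-false predicate silently changes which rows the check applies to, which is why it is worth raising in a security review.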
I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use a very naive encryption method.
Suppose my data is "Hey This is Some Data" and the passcode is 1234. I could just jumble this data using that passcode and it will be difficult to decrypt without the passcode. And if the data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.
Such encryption, though safe, is not practical. Imagine if there was no "Forget Password" option on any account. I usually forgot my password very often when I was a child.
Apple has been doing such things for years, using bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.
Reset Password is a weak point which might be exploited, but in such cases usability is more important than security. Any service which doesn't allow resetting a password is a shitty service and I would never use such a service. They are too naive.
-
I'm not sure if I'm a good or bad person by allowing my users to set a weak password.
They get to use almost whatever they want, but it may be bruteforced easily.
I let users decide their own security on that point.
-
Hi everyone,
One question is constantly popping in my head and I keep fighting to figure out how to answer.
So here it is:
Are you for or against a password manager to store all your passwords?
P.S.
I am using a paid password manager, but keep asking myself is it really worth it, and am I compromising all my passwords if someone is willing to spend some time and hack my vaults. On the other hand the convenience and benefit of having all passwords in one place and also using different strong passwords for each of my accounts protects me from a weak security implementation on any third party service I use, because I am not re-using the same password everywhere.
-
People who use weak passwords are the digital equivalent to anti-vaxxers. Not only are they putting themselves at risk, but they can affect everyone else who has a lick of common sense.
-
Guys, is it possible to catch an OTP code sent from a website to a phone through the browser just because of a lack of security practice and a weakly coded script?
-
3 hotel wifis (in this order):
Unstable, weak and needed to go to a diff building
Literally admin:admin@gateway
WPA (why the fuck did they even >downgrade< the security from the default...)


