Category: passwords

  • Hong Kong Police Can Force You to Reveal Your Encryption Keys

    According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that,…

  • LLMs Generate Predictable Passwords

    LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven; for example, L, 9, m, 2,…

  • On the Security of Password Managers

    Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane,…

  • Palo Alto Crosswalk Signals Had Default Passwords

    Palo Alto’s crosswalk signals were hacked last year. Turns out the city never changed the default passwords.

  • Smashing Security podcast #432: Oops! I auto-filled my password into a cookie banner

    We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock down your personal password vault. Then we time-hop to the post-quantum scramble:…

  • Poor Password Choices

    Look at this: McDonald’s chose the password “123456” for a major corporate system.

  • New Linux Vulnerabilities

    They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. […] “This means that if a local attacker manages…

  • The First Password on the Internet

    It was created in 1973 by Peter Kirstein: So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password. In…