Tag: white hat hackers

The Password Problem No One Is Answering

Why “They Just Hacked It” Is Not a Serious Explanation Consider the following password: Uk$&5SlV[sSkGlAqP@.%ysP&!5M)vv6iD!D^~j5,0.nAN^#[JbxX9t?DHhVa15U_i6lBdsPJXjMAe8k28Znbr3ygwB_9Rap0[e That is a 100-character password, composed of uppercase letters, lowercase letters, numbers, and special symbols—drawn from the full printable ASCII character set. This password is not used alone. It is paired with Google Authenticator, Google’s official time-based one-time password (TOTP)…
Request for Independent Security Review — NCIC Jail Communication App (Public-Interest Inquiry)

security@eff.org,info@eff.org,tips@propublica.org,security@themarkup.org,tips@theintercept.com,disclosures@citizenlab.ca,contact@citizenlab.ca,security@aclu.org,tips@wired.com,security@mozilla.org,bugcrowd@bugcrowd.com,disclosures@hackerone.com,security@torproject.org,press@torproject.org,security@wikimedia.org,info@openprivacy.ca,contact@privacyinternational.org,security@openrights.org,tips@bellingcat.com Good afternoon, I am reaching out to request an independent, good-faith security and privacy review of the NCIC jail communications platform (mobile application and associated backend services) from a public-interest and civil-liberties perspective. The concern is straightforward and narrow: Whether the NCIC application engages in surveillance, data harvesting, tracking, or secondary data use that…

The Password Problem No One Is Answering