reminder that the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password. to fix this you can sha256 the input first.
Very clever phish.
Attacker sends a Docusign (actually from Docusign). On the signing page, the only thing is a link and “tap here to view document”, which takes you to an MS phishing page.
🚨 Just received a phone call from the Hillsborough County Sheriff's Office this afternoon. Officer reads off his badge number & proceeds to ask if this is [my name] located at [my address] w/ SSN# [reads last 4 of my social]. Fuck. Was walking through Costco as I took the call.
@Ell_o_Punk The Natural History Museum is pretty great, and the science museum, although that might be a bit more for kids. The big London Eye wheel thing has some fantastic views but costs money and can be busy
One reason SQL injections remain a threat is a persistent lack of awareness and due diligence. Many #developers use platforms like StackOverflow and tools like GitHub Copilot to quickly find answers, but end up with code vulnerable to #SQL injection.
https://t.co/csxgqiTzpo
Now that AT&T has lost all our social security numbers in a data breach, this is a great time for regulators to NOT ask what they should have done to secure it better, but why the phone company needed your SSN in the first place.