Honeypot Attempted Passwords

Photo generated with AI by https://stablediffusion.fr/
Photo generated with AI by https://stablediffusion.fr/
I’ve been running a honeypot for a while just to see what creepy things crawl around on the internet. One of the things I wanted to see is what credentials are probed when trying to sign in, so I equipped the honeypot with a fake WordPress login page. Today, I’m writing about these credentials. For my evaluation I’m looking at data only from the past 6 months, more or less. On average, almost 80 attempts to login are made every day.
read more →

Time-based One-time Passwords

Photo generated with AI by https://stablediffusion.fr/
Photo generated with AI by https://stablediffusion.fr/
I recently had to switch phones, because my old phone conked out. I had an app on that phone that I used for short-lived MFA codes for various logins I use. That app was a poor choice, because it didn’t allow for a backup of the secrets used for the code generation, so I had to go to the relevant logins and one by one remove MFA, then add it again.
read more →

Signing HTTP Messages in .Net with NSign

Photo by Pixabay: https://www.pexels.com/photo/security-logo-60504/
Photo by Pixabay: https://www.pexels.com/photo/security-logo-60504/
One of the things I have been working on at work over the past few months is an open source implementation for .Net of the standard-to-be for HTTP message signatures. I’ve ended up calling this NSign which granted is a bit broad – the libraries deal only with HTTP signatures – but I found that the name quite fitting. The general idea of HTTP message signatures is that clients and/or servers can create and verify digital signatures or message authentication codes over HTTP messages, that is either request or response messages.
read more →