The Weekly Ink is a summary of the top security content of the week injected with our own pointed opinions, and will be posted to our blog…well, weekly.
Beyond the Vulnerabilities of the Application Specific Password: Exploiting Google Chrome’s OAuth2 Tokens
Earlier this year, we wrote about how any Google Application Specific Password (ASP) could be used to bypass 2-Step Verification. Although Google issued a fix to prevent account compromise, your ASPs can still be used to do almost anything else with your Google account.
Learn how attackers bypass Google's 2-step verification, reset users' master passwords & gain full account control by capturing users' app-specific passwords.
In case you haven't heard, LastPass, everyone's favorite browser-based password manager, posted an unsettling blog post yesterday detailing an anomalous event that occurred Tuesday morning on their infrastructure.
We've launched a site that allows you to easily check if your username or email address was included in the Gawker password dump: http://didigetgawkered.com.