AwghBlog

Subscribe to our feed
Tweets
- IDAPython script to automatically go to all unidentified subroutines and press 'C'. Needed this. http://t.co/L8StnqwK 6 days ago
- South Korean psy-ops now using the video as well as the music. I prefer Nancy Sinatra. http://t.co/bZMXyrUL 1 week ago
- @openfly I feel like Rupert Murdoch is more likely to be cryogenically frozen to fight future communism than Zuckerberg. 2 weeks ago
- "The potential for the disastrous rise of misplaced power exists and will persist." http://t.co/VOcSzVjA 2 weeks ago
- Sooo much useless trivia in my head. I recognized all of these: http://t.co/z3lBHZK5 2 weeks ago
- @fbz For packet, the AGW engine is maintained and programs based on it still work. Other Ham packages, not so much. http://t.co/2g9HKfR7 2 weeks ago
- @fbz Once you have a Ham license, get a WinLink email so you can talk to me when the zombies come: http://t.co/NA3cQxnj 2 weeks ago

Weaponizing Mailinator

Posted on December 17th, 2008 in Security

There has always been something deeply unsettling to me about the ‘Forgot Password’ functionality on many web sites. The ‘Forgot Password’ page exists solely to help unauthenticated users bypass the usual means of authentication. For whatever reason, many developers overlook the importance of locking this down, even after the issue of too-easily-guessable questions in Yahoo’s [...]

Tags: brute force, brute forcing, dictionary, dictionary attack, forgot password, hacking, infosec, mailinator, Mailinator-nator, Mailinatornator, password, pen test, Security, web application security, Web Security

Read post Read 2 comments

Tweets

Weaponizing Mailinator

Categories

Recent Posts