Mikel  Okuneva

1597546800

Paving the Path to Passwordless

Passwords seem to be the digital equivalent of the phrase, “can’t live with ’em, can’t live without ’em.” They’re supposed to protect sensitive information and data, but passwords can also be incredibly frustrating; you shouldn’t use the same one across the board, which means you probably have variations of the same one, which means you have to remember which one is for which site, and then when you have to reset your password because inevitably you can’t remember it, you get an error that says your new password can’t be the same as your old password. Phew! (Oh, and don’t forget that your password also has to be complex enough that it’s hard to guess. So, add that to the list.)

If it seems like passwords are overwhelming sometimes – you aren’t alone. We’ve all been there. Password management tools and apps can help ease the pain of passwords, but even those don’t totally solve all of the password challenges all of the time.

And if passwords are that irritating on an individual level, they cause a whole additional set of issues for enterprises. Think about it: if the average enterprise uses 1,400 cloud applications (as SkyHigh Networks estimates) and each enterprise has thousands of users accessing those applications, that’s password management for literally millions of passwords. Complicating things further are complex IT environments, administrative and operational costs, needing to meet compliance regulations, and of course, keeping everyone within your organization up to date on your security and password policies.

From an organizational and security standpoint, some of the problems with passwords include:

  • 20-50% of all IT help desk tickets are for password resets and U.S.-based organizations spend over $1 million annually in password-related support costs
  • They make for poor user experiences: the average business user must remember and log in with as many as 190 passwords
  • 81% of all breaches involve stolen or weak credentials, while 29% of all breaches involved the use of stolen credentials

Overall, passwords are neither the best nor the most secure gatekeeper for our most important assets, which then begs the question: why are we still using them? And yet, the jump from using passwords to…another solution seems far. Is getting rid of passwords a realistic future? It’s true that using biometrics as a means to identify users exists, but is it scalable for enterprises? At the moment, probably not. The market is not currently in a place to support this easily.

But that doesn’t mean it’s not on the horizon. Security analysts have predicted using passwords as a means to secure important information will be a thing of the past eventually. Until this digital transformation can be fully realized, there are steps you can take to begin the shift to passwordless authentication.

Duo Security’s white paper, “Passwordless: The Future of Authentication,” does a deep dive into what is achievable today, including:

  • Identifying and selecting specific use cases for passwordless in your organization
  • How to streamline and consolidate your authentication workflows
  • How to pair multi-factor authentication with access across cloud and on-prem to provide the broadest security coverage available

#web security #password management #passwordless

Osiki  Douglas

1625155920

So You've Fucked up your Python Path

I remember back to when I first learned Python. It was a strange decision for a happily employed post-graduate to make, especially for a time when many were screaming for the death of the language with Guido’s (outrageous?) grand reveal of Python 3. The Ruby on Rails guys seemed to be doing just fine. Those were the days.

After weeks of sweating over a keyboard in the basement of an illegal Bedstuy hostel, I had finally set out what I had hoped to achieve. It was the greatest credential any programmer could possibly strive for: yes ladies and gentlemen, none other than yours truly became an officially recognized licensed professional: I had just completed the last Python course in Codecademy.

Congratulations, you know nothing

Armed with this new unfathomable knowledge, I was ready to take on the world. I did have a few gaps in my knowledge, such as:

  • Experience with Linux
  • General idea of what a terminal is and why anybody would use one
  • Basic understanding of the internet
  • Motor skills needed to survive

That aside, I was determined. Nothing could stop me, which turns out to be a really bad attitude when you’re SSHed into a VPS with root access, and zero hesitation to wreak havoc upon any and all system files. You see where this is going.

#python #devops #python path #fucked #path

Gerhard  Brink

1624818000

The Path to a Better Future is paved with Data

The Cambridge Analytica[i] scandal along with other data breaches[ii] have given the data extraction industry a negative reputation. That’s a hard reality to face, because (a) I lead a company that provides ethically-sourced proxies for public data extraction, and (b) I believe that web scraping can be a force for good.

I realise that some people will need to be convinced that this is true because positive stories don’t get nearly as many clicks as negative ones. But they do exist, and I hope to change some minds with this article.

There’s no going back: big data is here to stay
Web scraping helps pave the path to a better internet
Online marketplaces
“Watchdog” monitoring groups & journalists

#big data #latest news #the path to a better future is paved with data #future #data #better future

Michio JP

1629990953

FaucetCryptoBot | A Bot for FaucetCrypto a Cryptocurrency Faucet

A bot for the high-paying, popular cryptocurrency faucet Faucet Crypto. The bot is built using Python and Selenium. It is currently under active development and can do tasks like PTC ads, main rewards, and shortlinks, except exe.io and fc.lc.

Status

Seems like Faucet Crypto has started using a bot detection system, so you may need to obfuscate your driver to prevent its detection. Please see below for the detailed instructions.

The xpaths have been updated and new xpaths have been written to xpath.py; you can replace the old file with the new file. Since I had to rush through this, if I missed something please let me know.

The layout of Faucet Crypto has changed and the bot won't work anymore; you can wait for me to release the updated xpath file or you can add them manually to the xpath.py file.

The issue where the bot was unable to find the claim button was fixed. It was caused by an update to the Faucet Crypto website. New xpaths have been updated; you can copy the new xpaths to your old xpaths file. (Keep an eye on the bot status for further changes and updates that might occur.)

Disclaimer

Please note that this is the first major automation project for me. I am by no means responsible for any usage of this tool, account bans or nuclear winter. Use it on your own behalf. I'm also not responsible if your account gets banned. Therefore, if the Faucet Crypto devs catch you and get you banned, then don't point your fingers at me for getting your account deleted. I will be rolling on the floor laughing at you.

Faucet Crypto

Faucet Crypto landing page

If you found this repo useful please don't forget to give me a ⭐

Brave Browser

The browser of choice for this project is Brave browser due to its native ad-blocking scripts, which are pretty good and prevent random popups from opening, which can mess with the bot's proper execution.

If you don't have Brave browser installed you can download it from here.

Changes

v2.98

  • Added much better error codes
  • If the bot is run in headless mode it won't load images, improving load times significantly
  • Instructions for driver obfuscation have been provided
  • Much more efficient compared to the previous versions
  • Achievements collector has also been added, but it's only experimental and is disabled by default in the bot.py file; you can use this feature by uncommenting it
  • Also added a feature where the bot screenshots the stupid popup ads that creep in from time to time.
  • If the bot detects that the captcha is being triggered it will sleep for an hour before executing again.
  • Fake User Agent has been added
  • Option for completing fc.lc shortlinks added but disabled by default because it doesn't always work; you can test it out by uncommenting the sections below it in FaucetCryptoBot/fcbot.py.
  • Bot automatically closes the modal and chat, which was an issue in the previous version.
  • Resolved the issue where the watch button for sh.faucetcrypot.com was covered by the chat button and threw an error.
  • Removed the annoying 'NoneType' object has no attribute 'text' errors.
  • Replaced pickle5 with pickle-mixin because pickle5 was causing issues for Windows users.
  • Changes in requirements.txt file

v2.88

Added logic to save cookies and use them for logging in. This avoids using the default profile directory of your browser and doesn't mess it up.

Added logic to close the welcome modal and chat, which covered the dashboard visibility.

Cookies are now saved to a cookie file. If it is not present in the directory, the bot will automatically log in with the user email and password provided in the config file and generate a new cookie file.

Added proxy in case you want to generate some referrals. This method is not recommended yet; try it at your own risk.

Fixed the issue where the bot closed all the open tabs when the browser was running in normal mode.

Installation

Create a virtual environment with virtualenv

virtualenv env

Activate the virtual environment

source env/bin/activate

Install all the necessary packages

pip install -r requirements.txt

Important

The following is important to better hide your chromedriver

Replacing cdc_ string

You can use vim or perl to replace the cdc_ string in chromedriver. Using vim or perl prevents you from having to recompile source code or use a hex-editor.

Make sure to make a copy of the original chromedriver before attempting to edit it.

Our goal is to alter the cdc_ string, which looks something like $cdc_lasutopfhvcZLmcfl.

Using Vim

vim /path/to/chromedriver

After running the line above, you'll probably see a bunch of gibberish. Do the following:

Replace all instances of cdc_ with dog_ by typing :%s/cdc_/dog_/g. dog_ is just an example. You can choose anything as long as it has the same amount of characters as the search string (e.g., cdc_), otherwise the chromedriver will fail.

To save the changes and quit, type :wq! and press return. If you need to quit without saving changes, type :q! and press return.

Using Perl

  • The line below replaces all cdc_ occurrences with dog_.
perl -pi -e 's/cdc_/dog_/g' /path/to/chromedriver
  • Make sure that the replacement string (e.g., dog_) has the same number of characters as the search string (e.g., cdc_), otherwise the chromedriver will fail.

Setup

Set the correct path for your Brave browser in the config file config.py

[Browser]
browser-mode =              #takes two parameters headless or leave it empty
driver-path =               #path to your chrome driver
browser-binary-location =   #path to your browser binary location

[User]
mail =                      #Your faucet crypto account mail
password =                  #your faucet crypto account password

[Misc]
debug =                     #takes two arguments True or False
proxy =                     #proxy address and port try not to use a proxy
                            #and leave this empty

Run

Run the bot by

python bot.py

Bot terminal

Account setup

If it's your first time running the bot, you need to log in to Faucet Crypto. Run the bot in normal mode (default); it will redirect to the login page where you can log in, and the bot will do the rest from there by collecting from all the ads. (Note) The bot can't yet do the exe.io and fc.lc shortlinks, so you would have to help it do that. Once you've logged in successfully, you can run the bot in headless mode from then on by setting the "headless" flag in the config file.

browser-mode = "headless"

Contributions

Feel free to contribute to this project and help me improve this project

Thank You,

Download Details:
 

Author: souravrs999

Download The Source Code : https://github.com/souravrs999/FaucetCryptoBot/archive/refs/heads/main.zip 

GITHUB: https://github.com/souravrs999/FaucetCryptoBot 


 

Sigrid  Farrell

1624435111

Thymeleaf Path Variables with Spring Boot

Introduction

Thymeleaf is a templating (server-side rendering) engine used by many Java software engineers within Spring-based web applications. An important feature of any web application is the support for dynamic URLs and path variables within those URLs.

Most REST APIs extensively use path variables to specify the IDs of elements they’re performing operations on. For instance, a typical example would be:

https://www.somewebsite.com/viewPost/path-variables-with-spring-boot
## OR
https://www.somewebsite.com/viewProduct/5

In both of these cases, we’re trying to find a resource denoted by a certain identifier. In the first case, we’re identifying a resource by its title - path-variables-with-spring-boot, while in the second, we’re identifying it through an incremental ID counter - 5.

Note: When using predictable path variables, such as an incremental counter, beware of security concerns. First of all, these are easily scrapable; more importantly, without proper validation, someone might figure out that /deleteProduct/5 deletes entries from the database, and decide to drop most of the entities stored within it.
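The risk in the note above, as an added example that is not code from the original article: a state-changing GET keyed only by a guessable id, next to a handler that uses the DELETE verb, validates the id, requires an authenticated caller and checks ownership. `ProductController`, the in-memory `ownerByProductId` map, the `/products/{id}` route and the sample owners are assumptions made for illustration, and the `Principal` is assumed to be populated by whatever authentication layer the application uses (for example Spring Security).

```java
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class ProductController {

    // Hypothetical in-memory store (product id -> owner username), constructed for this example.
    private final Map<Long, String> ownerByProductId =
            new ConcurrentHashMap<>(Map.of(5L, "alice", 6L, "bob"));

    // Risky shape described in the note: a GET that changes state, keyed only by a
    // sequential id. Any visitor (or a crawler following links) can remove entries.
    @GetMapping("/deleteProduct/{id}")
    public String deleteUnsafe(@PathVariable("id") long id) {
        ownerByProductId.remove(id);
        return "deleted " + id;
    }

    // Hardened shape: DELETE verb, validated id, authenticated caller, ownership check.
    @DeleteMapping("/products/{id}")
    public ResponseEntity<Void> deleteSafe(@PathVariable("id") long id, Principal principal) {
        if (id <= 0) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid id");
        }
        if (principal == null) {
            // No authenticated user on the request.
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
        }
        String owner = ownerByProductId.get(id);
        // Same 404 for "missing" and "not yours", so status codes do not reveal which ids exist.
        if (owner == null || !owner.equals(principal.getName())) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        ownerByProductId.remove(id);
        return ResponseEntity.noContent().build();
    }
}
```

A non-numeric path segment never reaches either handler: Spring fails the `long` conversion and answers 400 on its own.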

#java #spring boot #spring #thymeleaf path variables with spring boot #thymeleaf path