Hardening Chrome-based browsers
Go to
chrome://flags
Then,
Disable - The Following Flags
==========================
#enable-offline-auto-reload
#disable-webrtc-hw-decoding
#disable-webrtc-hw-encoding
#enable-webrtc-hw-vp8-encoding
#clear-old-browsing-data
#enable-usermedia-screen-capturing
#disable-hyperlink-auditing
#contextual-search-ml-tap-suppression
#contextual-search-ranker-query
#enable-password-generation
#enable-manual-password-generation
#wallet-service-use-sandbox
#enable-chrome-home-survey
#vr-browsing-native-android-ui
#enable-gamepad-extensions
#webxr
#webxr-gamepad-support
#webxr-orientation-sensor-device
#webxr-hit-test
#vr-icon-in-daydream-home
#safe-search-url-reporting
#keep-prefetched-content-suggestions
#content-suggestions-debug-log
#enable-breaking-news-push
#interested-feed-content-suggestions
#enable-ntp-article-suggestions-expandable-header
#enable-ntp-remote-suggestions
#enable-ntp-suggestions-notifications
#PasswordExport
#PasswordImport
#password-search
#enable-nostate-prefetch
#enable-new-preconnect
#enable-async-dns
#enable-mark-https-as set to: Enable (mark as actively dangerous) this option will be removed
#BundledConnectionHelp
#enable-omnibox-voice-search-always-visible
#enable-viz-test-draw-quad
#enable-framebusting-needs-sameorigin-or-usergesture
Enable - The Following Flags
==========================
#num-raster-threads (4)
#enable-offline-auto-reload-visible-only
#enable-tcp-fast-open
#enable-scroll-anchoring
#enable-new-photo-picker (enabled)
#enable-fast-unload
#enable-history-entry-requires-user-gesture
#smooth-scrolling
#enable-quic (see explanation)
#enable-android-spellchecker
#enable-chrome-modern-design
#enable-modal-permission-dialog-view
#reduced-referrer-granularity
#enable-site-per-process
#offline-bookmarks
#enable-brotli
#force-show-update-menu-badge
#tls13-variant set to: Enabled (Draft23)
#disable-audio-support-for-desktop-share
#enable-content-suggestions-new-favicon-server
#important-site-in-cbd
#enable-font-cache-scaling
#new-audio-rendering-mixing-strategy
#expensive-background-timer-throttling
#modal-permission-prompts
#lsd-permission-prompt
#language-settings
#enable-custom-context-menu
#enable-custom-feedback-ui
#omnibox-display-title-for-current-url
#autoplay-policy set to: Document user activation required
#enable-async-image-decoding
#dont-prefetch-libaries
#sound-content-setting
#enable-parallel-downloading
#enable-overflow-icons-for-media-controls
#enable-downloads-location-change
#enable-block-tab-unders
#stop-in-background
#clipboard-content-settings
#enable-modern-media-controls
#unified-consent
By Chef Koch
Taken from @EnergizedProtection ⚡️
#hardening #chrome #browser
Google Autofill tests biometric authentication for passwords and payments
https://www.xda-developers.com/google-autofill-biometric-authentication-passwords-payments
https://nakedsecurity.sophos.com/2020/01/14/google-tests-biometric-authentication-for-android-autofill
#google #biometrics #password #payments #fp
Forwarded from BlackBox (Security) Archiv
Bitwarden leaks passwords to other subdomains
Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.
👀 👉🏼 https://nitter.net/RitzmannMarkus/status/1307614248835731456
#bitwarden #leak #password #subdomains
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Nitter
Markus Ritzmann (@RitzmannMarkus)
Forwarded from BlackBox (Security) Archiv
Password manager: LastPass restricts free version
Users of the free version of LastPass will only be able to use the password manager across devices to a limited extent from March.
Starting in March and then again in May, the LastPass developers want to reduce the functionality of the free version. The password manager is available for popular systems such as Android, iOS and Windows. Users have access to their passwords stored in the password vault on all devices.
https://blog.lastpass.com/2021/02/changes-to-lastpass-free/
#LastPass #password #manager
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
The LastPass Blog
Changes to LastPass Free - The LastPass Blog
We’re making changes to how Free users access LastPass across device types.
#France Supreme court: Refusing to provide your phone #password is a crime.
https://www.lemonde.fr/societe/article/2022/11/07/le-refus-de-communiquer-le-code-de-deverrouillage-d-un-telephone-portable-peut-constituer-un-delit-juge-la-cour-de-cassation_6148834_3224.html
Le Monde.fr
Refusing to hand over a mobile phone's unlock code can constitute an offence, rules the Cour de cassation
The court was called upon to rule on a drug-trafficking case in which a court of appeal had acquitted a suspect who had refused to give the unlock code for his two phones, despite the Cour de cassation's case law.
OffensiveCon24 - Solar Designer - Keynote - Password Cracking: Past, Present, Future
Passwords (or phrases) remain a distinct and ubiquitous authentication factor. They are also widely used to derive encryption keys for data or other keys. Password cracking is used in security audits, penetration testing, to recover or gain access to data, keys, or funds, and for a variety of other purposes. Focus of this talk is evolution and optimization of offline password cracking. At a high level, we break down the optimization problem into that of speed (how many candidate passwords we test per second) and focus (which candidate passwords we test against which targets and in what order). Also included is plenty of historical context starting with 1960s and until the present day, with a look into the future.
https://www.offensivecon.org/speakers/2024/solar-designer.html
#Password #Cracking #PasswordCracking