Random Entry: Cyrese is here
< Fraudsters: AAA Plumbing & Electrical | VodaSMS Update >

SuperGenPass Update

I made a small update to SuperGenPass (full write up) to randomise several of the variable names. This will prevent this exploit from working. It is by no means fool proof, and I'd still recommend using the Data URI or other out of band version for full assurance. I've been using it for a few weeks now with no incident. Additionally, as the randomisation is done per user, and up-front, I'd recommend hitting the page via TLS. I use a self-signed cert, the fingerprints are on the right of my blog.

Tuesday, March 1. 2011
Posted by Dominic White in Security
Comment (1) | Trackbacks (0)

Last modified on 2011-03-01 15:09

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 Jay Peerson (Reply)
Posted on Thursday, March 15. 2012

Any chance we could see a bookmarklet with custom generated password lengths?

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry