CVE-2017–2448 — Update: We’re happy to announce that our session has been accepted at BlackHat USA 2017. Hope to see you there! We will speak in detail about the inner workings of iCloud keychain and the OTR vulnerability. Longterm Security, Inc. offers consulting services and training to help companies build, ship, and…

There’s a clever and wildly successful Gmail phishing campaign going around that seems to have affected very many people. It abuses 3-legged OAuth to gain access to accounts and spread. …

#0. Go passwordless In 2016, well over 500 million password credentials leaked (see https://haveibeenpwned.com/) and the number only continues to grow each year. Passwords alone are arguably no longer an adequate security mechanism for protecting PII without best practices such as multifactor authentication with universal two-factor or temporal one-time codes. You can actually…

At Longterm Security, we provide training for organizations looking to build up or improve their in-house Security Operations capabilities. Our other trainings include offensive security training which focuses on reverse engineering, vulnerability discovery, and bypassing exploit mitigations.We also have defensive security training for security design reviews, secure coding and testing…

Many startups, organisations, and larger enterprises today use the G Suite for their business productivity. The G Suite offers email services, calendars, collaborative document creation, file sharing, video conferencing and more. G Suite can also help manage the business IT infrastructure with MDM and SAML support. It puts much of…

Over the years there have been numerous high-profile attacks that have compromised accounts hosted on Google Mail or the G Suite. There are some highly effective measures that can be taken to help prevent these scenarios. And the most important tip is probably… Enforce Multifactor Authentication to Protect from Phishing Phishing is both the most common and…