credentials Archives

Winsage

May 2, 2025

Windows RDP has a major security problem, and Microsoft has refused to do anything about it

A significant vulnerability has been identified in the Windows Remote Desktop Protocol (RDP), which allows old credentials to remain functional even after a password reset. Security researcher Daniel Wade revealed that users can still access their systems with previously revoked credentials due to the authentication process relying on locally stored credentials that do not update in real-time. Microsoft's Security Response Center acknowledged this behavior but stated it is an intentional design to ensure at least one user account can log in, regardless of the system's online status. Microsoft has been aware of this issue since at least August 2023 and has chosen not to modify the code, citing potential compatibility issues.

Winsage

May 2, 2025

Microsoft Warns Windows Users—Delete Your Password

Microsoft aims to eliminate passwords for a billion users, promoting the use of passkeys that enhance account security by linking it to physical devices. The company warns that password-related attacks are increasing and emphasizes that having both a passkey and a password leaves accounts vulnerable to phishing. On World Password Day, Microsoft encourages users to abandon passwords entirely. The FIDO Alliance supports this initiative with a "Passkey Pledge," highlighting that over 35% of individuals have faced account compromises due to password vulnerabilities. Research shows that 54% of those familiar with passkeys find them more convenient, and 53% believe they offer better security. Microsoft will make new accounts passwordless by default and encourages existing users to remove their passwords. Passkeys are described as easy to use, intuitive, and resistant to phishing. For those who continue to use passwords, Microsoft advises making them long and complex and using authentication apps for two-factor authentication.

Winsage

May 1, 2025

Windows RDP has a major security problem, and Microsoft has refused to do anything about it

A security flaw in Windows RDP allows previously revoked credentials to remain functional after a password reset, enabling users to access their PCs with old passwords. Microsoft does not classify this issue as a bug, stating it is an intentional design to ensure at least one user account can always log in. This behavior is not flagged by Microsoft Defender, Azure, or Entra ID, and the company's documentation lacks clarity on the matter. Microsoft has been aware of this issue since at least August 2023 but has chosen not to modify the code, citing potential compatibility issues.

Winsage

May 1, 2025

Windows Warning — Microsoft Confirms Old Passwords Still Work To Login

Microsoft has confirmed that users can log into their Windows accounts using old passwords that have been changed and revoked under certain conditions. This behavior is classified as a feature rather than a security vulnerability. The issue arises from the Remote Desktop Protocol (RDP), which allows remote access to Windows machines. An independent security researcher discovered that after changing his password, he could still access his machine using the old credentials, even from new devices. Microsoft's documentation was updated to explain that credentials are verified against a local cached copy before network authentication, allowing continued access with the old password. Microsoft stated that this design ensures at least one user account can always log in, regardless of system offline status, and confirmed there are no plans to change this behavior.

Winsage

April 30, 2025

Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.

The ability to use a revoked password for Remote Desktop Protocol (RDP) access on Windows machines linked to Microsoft or Azure accounts allows users to log in with either a dedicated password or the credentials from their online account. Even after changing the account password, the old password remains valid for RDP logins indefinitely, and in some cases, multiple previous passwords may still grant access. This behavior poses significant security risks, especially if the account has been compromised, as changing the password does not block access via RDP with the old password. The issue arises from credential caching on the local machine, where the initial login credentials are stored securely, allowing continued access without online verification.

Tech Optimizer

April 24, 2025

Meet Xata Agent: An Open Source Agent for Proactive PostgreSQL Monitoring, Automated Troubleshooting, and Seamless DevOps Integration

Xata Agent is an open-source AI assistant designed for PostgreSQL database site reliability engineering. It monitors logs and performance metrics to identify issues like slow queries and unusual connection counts, helping to maintain database integrity and performance. The tool automates tasks such as vacuuming and indexing and provides actionable recommendations through diagnostic playbooks and read-only SQL routines. The architecture is built as a Next.js application using TypeScript, organized in a monorepo structure. Developers can set up their environment using Node, install dependencies, and configure a local PostgreSQL instance with Docker Compose. Production deployment involves using Docker images and configuring environment variables in a production file. Key functionalities include proactive monitoring, configuration tuning, performance troubleshooting, safe diagnostics, cloud integration, alerting, LLM flexibility, and playbook customization. Developers can create new tools and integrate them into playbooks for cohesive workflows. Future plans include custom playbooks, support for Model Context Protocol, evaluation harnesses, approval workflows, and a managed cloud edition. The architecture promotes extensibility and community contributions, standardizing incident response and reducing human error in database management.

Winsage

April 23, 2025

5 reasons I use Windows 11 Backup over Macrium Reflect

Backups are crucial for data preservation, especially when primary machines face issues. Windows 11 provides various backup tools, including the Windows Backup app, which allows users to safeguard files, applications, and system preferences. This app can restore backups during Windows reinstallation and remembers wireless network credentials, simplifying the restoration process. It enables users to restore Microsoft Store apps with a single click and features a user-friendly interface that makes navigation easy. Windows Backup also offers data protection against ransomware through OneDrive storage. However, it cannot restore third-party apps and has limited cloud storage of 5GB on OneDrive, necessitating careful management of saved files.

Tech Optimizer

April 18, 2025

Breached Identities and Infostealers: One of the Largest Ongoing Data Leak in History

Breached identities due to infostealer malware are a significant threat to corporate information security in 2024. Infostealers are a type of remote access trojan that exfiltrate sensitive data, including saved credentials, session cookies, browser history, crypto wallet information, screen captures, and host data. Infections often stem from downloading cracked software, malicious advertising, fake Windows updates, and repackaged games. Infostealers do not require local administrative privileges, making them easy to execute. Threat actors primarily aim to profit from breached bank accounts and crypto wallets, often bypassing multi-factor authentication by targeting session cookies. They also seek credentials for subscription services and corporate access. Research shows that 90% of breached companies had leaked corporate credentials in a stealer log, with 78% experiencing leaks within six months of a breach. In comparison, 76% of similar companies without breaches had experienced a corporate stealer log compromise. The investigation identified high-criticality credentials from various corporate applications, indicating that a single user often has access to multiple credentials. The rise of infostealer malware represents a broad threat, encompassing a wide range of sensitive data. Organizations are advised to implement strategies such as restricting download privileges, avoiding illegal content, disabling macros, and regularly updating software to mitigate risks associated with infostealer malware.

AppWizard

April 18, 2025

Perplexity’s Android App Is Infested With Security Flaws, Report Finds

Perplexity has launched a promotional campaign called “Ask like a millionaire,” offering a million-dollar prize to users who download its app, refer friends, and engage with it during the Super Bowl. However, the Android app is facing scrutiny due to significant security vulnerabilities, including issues that could lead to data theft and account takeovers. A report from Appknox reveals that the app's API can be accessed without restriction, and the code contains hardcoded secrets, making it easy for attackers to create counterfeit versions of the app. The app is also vulnerable to task hijacking, which could allow unauthorized access to sensitive data. Perplexity, founded in 2022, has raised 0 million in venture capital and has over 10 million downloads. The company is exploring partnerships with smartphone manufacturers and has faced criticism for alleged copyright infringement. Security experts advise users to consider removing the app until the issues are resolved.

Winsage

April 17, 2025

Forget Windows 11. These mad lads made Linux look like Windows XP!

The Linux distribution Q4OS has introduced a feature that allows users to experience the Windows XP interface, along with other Windows versions, within a Linux environment. Users can download the free Q4OS distribution and install the XPQ4 graphical user interface (GUI) to activate various Windows-like interfaces, including Windows 2000, Windows 7, Windows 8, and Windows 10. A live installation option via USB is available, allowing users to try the experience without installation by downloading the ISO file for XPQ4, referred to as FreeXP. Users can create a bootable USB stick using tools like Rufus or balenaEtcher, and upon booting, they will encounter the FreeXP or Free10 interface. The default login credentials for Q4OS are “adminq” with a blank password, and users can customize the language during startup. The XPQ4 environment allows users to switch between different Windows versions using the ‘XPQ4 Desktop Styles’ tool. The operational experience is designed to feel familiar to Windows users, with features for easy software installation and personalization. Installing Q4OS with XPQ4 involves selecting ‘Install Q4OS’ and following an installation wizard that includes options for language, keyboard model, and user account setup. After installation, users can log in with their new credentials and use a Linux environment that resembles Windows XP.