Mermaids: Personal messages spilled between the organization and parents of transgender children
infosec

Mermaids: Personal messages spilled between the organization and parents of transgender children

Mermaids UK is an organization founded by parents of transgender children and aims to support these children ....
Read More
infosec

"Election" hacking has never been simpler than it is today!

Being a professional hacker has never been easier and more profitable than it is today. According to...
Read More
infosec

A new Android Trojan misleads users through notifications

A new Android Trojan discovered by security researchers on the Google Play Store uses false notifications to redirect their ...
Read More
infosec

Europol: Training of police officers with ....... a game!

In recent years, cryptocurrencies are a frequent target of hackers' attacks. For this reason, Europol has decided to train ...
Read More
infosec

Dark Web: Selling drugs in exchange for Bitcoins. Now prison!

We know that Dark Web is mainly used by hackers and people who are interested in doing illegal online activities. These people are using ...
Read More
Latest Posts

G Suite user codes were stored in plaintext

Suite

Η Google admitted on Tuesday that the paid applications G Suite for businesses, store certain user passwords in plaintext.

The company informed via email the account managers affected by the security error, that in some cases the passwords had not been hashed. Hashing is a security practice that protects credentials by using an encryption algorithm.

Google is trying to persuade users that the bug was only about the business version of G Suite and did not affect other consumers, and also stated that there were no signs of password abuse and that the passwords were encrypted.

There are essentially two security issues in the case. The first is about a G Suite feature available from 2005, which allowed administrators to set G Suite users' passwords through the Google Account's admin console. However, although it is designed to help new employees in a business to set their passwords and connect, they do not apply practice hashing to these codes.

The second problem is to record some user passwords on platforms and to maintain these credentials for about 14 days each time again without hashing. This practice began in January of this year, during attempts by Google employees to face problems of the connection system and has stopped.

Representative of the company said that both of these problems have been resolved.

The hashing process is applied so that if someone illegally invades a sever, they can not get the people sign-in credentials: passwords are encrypted in such a way that malicious agents can not understand who the prototypes are and they can not use to connect to other services or platforms.

In this case the codes were not hadhed, so they were vulnerable if a competent hacker or even an employee of the company was trying to intercept them.

From today, Google will start changing passwords for affected accounts that have not changed.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *