
Multi-factor authentication hack

  • 20-03-2010 1:34pm
    #1
    Closed Accounts Posts: 2,055 ✭✭✭


    Keystroke logger+ installed on victim's PC via Flash, Acrobat, email attachment or other weakness.

    Victim goes to access an internet website that uses multi-factor authentication (e.g. bank account, corporate VPN entry point etc).

    The logger grabs the website URL and authentication credentials and sends them to the hacker. Meanwhile, the keystroke logger sends a bogus login (e.g. incorrect password) to the website the victim is attempting to log into. He gets an invalid login attempt message.

    Meanwhile the hacker gets in using the legitimate credentials stolen from the victim and does whatever nasty work he has planned to do.

    This trick has been played on World of Warcraft's servers - but could just as easily work with any secure site.

    The item came up as question 5 in Security Now this week.

    Steve also discusses APTs (advanced persistent threats) where a company is targeted (e.g. Google and others recently) and malware is installed on the victim's system to control certain aspects of its operation. This topic was a big issue at the recent RSA conference.


    Audio: http://media.grc.com/sn/SN-240.mp3

    Transcript: http://www.grc.com/sn/sn-240.htm

    RSA conference: http://www.rsaconference.com
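
The sequence described in the post above leaves a recognisable trace on the server: a failed login for an account, followed within seconds by a successful login for the same account from a different address. The detection sketch below is an added example, not part of the original post; the log format, the sample events and the 60-second window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, source IP, outcome.
SAMPLE_LOG = """\
2010-03-20T13:30:02 alice 198.51.100.7 FAIL
2010-03-20T13:30:09 alice 203.0.113.44 OK
2010-03-20T13:31:15 bob 198.51.100.20 FAIL
2010-03-20T13:31:40 bob 198.51.100.20 OK
2010-03-20T13:40:00 carol 192.0.2.10 FAIL
2010-03-20T13:55:00 carol 192.0.2.99 OK
"""

def parse(log_text):
    """Yield (timestamp, user, ip, ok) tuples from whitespace-separated lines."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        yield datetime.fromisoformat(ts), user, ip, outcome == "OK"

def find_relay_suspects(log_text, window_seconds=60):
    """Flag a success that follows a failure for the same account from a
    different IP within the window (assumed to be about one token lifetime)."""
    window = timedelta(seconds=window_seconds)
    recent_fails = {}   # user -> list of (timestamp, ip) for recent failures
    suspects = []
    for ts, user, ip, ok in sorted(parse(log_text)):
        recent = [(t, a) for t, a in recent_fails.get(user, []) if ts - t <= window]
        if ok:
            for fail_ts, fail_ip in recent:
                if fail_ip != ip:
                    gap = int((ts - fail_ts).total_seconds())
                    suspects.append((user, fail_ip, ip, gap))
            recent_fails[user] = []       # a success resets the account's history
        else:
            recent.append((ts, ip))
            recent_fails[user] = recent
    return suspects

if __name__ == "__main__":
    for user, fail_ip, ok_ip, gap in find_relay_suspects(SAMPLE_LOG):
        print(f"{user}: failure from {fail_ip}, success from {ok_ip} {gap}s later")
```

A user who mistypes a password and retries from the same address (bob) is not flagged, and neither is a success that arrives long after the failure (carol); only the fail-then-succeed pair from two addresses inside the window (alice) is reported.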

