View The Email to Get Hacked: Attacking SMS-based Two-Factor - PowerPoint PPT Presentation

Dec 23, 2022 •116 likes •415 views

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert, Florian Farke, and Markus Drmuth Santa Clara, California, USA | WAY 2019 | August 11, 2019 Two-Factor Authentication 1 1 2 1 Gmail 2FA

View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert, Florian Farke, and Markus Dürmuth Santa Clara, California, USA | WAY 2019 | August 11, 2019
Two-Factor Authentication 1
1 2 1
Gmail 2FA Confidential Adoption Mode Attacking Are there Google’s alternatives? 2FA
2FA Adoption 3
* analyzed top 100 websites 25 75 left no login 18 57 left duplicates 26 31 offer 2FA no 2FA 3 * Le Pochat et al. Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation. NDSS ’19
31 websites offer 2FA 25 (81%) 24 (77%) 7 (23%) 4
Gmail Confidential Mode 5
6
7
8
Tonight’s door code: long long Email short long 9
Tonight’s door code: long long Link short long https://confidential-mail.google.com/msg/... 10
2FA Confidential Mode Tonight’s door code: long long Link short long 11
Attacking Google’s 2FA 12
alice@gmail.com pw: wonderland 12
1. Email 13
https://confidential-mail.google.com/msg/… https://confidential-mail.oscar.com/msg/... 1. Email 13
1. Email 13
Confidential Mode 4. 3. Login 6. G-123456 1. Email 2. 5. G-123456 13
Are there alternatives? 14
1. Improve the text of the SMS 2FA Confidential Mode 14
1. Improve the text of the SMS 14
1. Improve the text of the SMS 14
2. Use a Software Token 15
3. Use a Hardware Token 16
31 websites offer 2FA 25 (81%) 7 (23%) 24 (77%) alice@gmail.com pw: wonderland
View The Email to Get Hacked: Attacking SMS-based Two-Factor Authentication Philipp Markert, Florian Farke, and Markus Dürmuth Santa Clara, California, USA | WAY 2019 | August 11, 2019

Recommend

Identity Risk & Governance I may not get hacked but I know I will be audited! 1

A Strategic Portfolio Focus on Identity Risk & Governance I may not get hacked but I know I will be audited! 1 #GetIAMRight | One Identity - Restricted - Confidential IAM Risk Framework Provide a comprehensive view of real-time

366 views • 13 slides

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland

How we hacked How we hacked and what happened next and how you can be safe Ruben van Vreeland Fixed Fixed https://www.owasp.org/index.php/Top_10_2013-Top_10 <script>alert(1)</script> User Data Change Data XSS Bootstrap

1.06k views • 59 slides

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat Researcher at Trend Micro- research and blogger on criminal underground, persistent threats,

792 views • 44 slides

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you

Welcome to NEOnets Cyber Security Executive Briefing If you havent yet been hacked, you will be. In fact, you already may have been hacked, but dont know it yet. Stu Davis, Chief Information Officer, Ohio Department of

600 views • 45 slides

How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van

How we hacked How we hacked and how you can be safe and what happened next Ruben van Vreeland Ruben van Vreeland Web Application Security Web hosting / infrastructure Web applications / platforms VB6, C#, PHP, (Spring) Java

569 views • 29 slides

SAP Security: Attacking SAP users Attacking SAP users with sapsploit eXtended 1.1 Xt d d 1 1

SAP Security: Attacking SAP users Attacking SAP users with sapsploit eXtended 1.1 Xt d d 1 1 Alexander @sh2kerr Polyakov. PCI QSA,PA-QSA 11 We change look but we keep mind Company Digital Security Research Group International

924 views • 59 slides

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical

Your web server has been hacked now what? Archzilon Eshun-Davies (@laudarch)_ CISO/CEO Tactical Intelligence Security OWASP Ghana 2019 Who is this talk for? - Individuals, developers and sys admins. Are you sure youve been hacked? Q1:

247 views • 11 slides

Public FPGA based DM Public FPGA based DMA Atta A Attacking king UlfFrisk Agenda Background

Public FPGA based DM Public FPGA based DMA Atta A Attacking king UlfFrisk Agenda Background and Previous work Transmit and Receive PCIe TLPs DUMP memory FPGA Design Attack vulnerable vanilla Linux system Attack vulnerable UEFI Windows

359 views • 19 slides

When a user first accesses this page, they must enter an email address to view the content. The

When a user first accesses this page, they must enter an email address to view the content. The email is also logged in the dataase. For aess to e grated, the adi ill set ultiple aeptale doais like, @

260 views • 10 slides

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot

Hardening WordPress (or, How Not To Get Hacked And What To Do When You Are) Gregory Ray dot gray inc. @dotgray Sunday, March 15, 15 Resources Codex.WordPress.org / Hardening_WordPress Blog.Sucuri.net / WordPress Security WPSecure.net /

608 views • 32 slides

Chapter 9 Internet Email Page 1 We Shall be Covering ... Internet email Using Ximian

Chapter 9 Internet Email Page 1 We Shall be Covering ... Internet email Using Ximian Evolution email Using Mozilla Mail email Page 2 Internet Email Web-based (webmail) or POP3-based Webmail: uses ubiquitous web browser to

498 views • 25 slides

Cloud-based email security and filtering Index 1. Email Challenges in Corporate Environments

Cloud-based email security and filtering Index 1. Email Challenges in Corporate Environments Problems Needs 2. The solution: Email Protection What is it? Benefits Features Email Protection 24/06/2015 2 Email Challenges

143 views • 11 slides

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey {dmende, erey}@ernw.de Who we are Old-school network geeks. Working as security researchers for Germany based ERNW GmbH. Fiddling

630 views • 38 slides

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well

The Shocking Secrets of the Electric Grid !!! Are Current Fears That It Can Be Hacked Well Grounded? Eastern Western Texas Transmission G L Generation Load Kilowatt = 1 thousand watts Megawatt = 1 million watts Gigawatt = 1

323 views • 18 slides

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of

Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of Technology for some of these slides sws1 1 1 Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have

733 views • 48 slides

Marketing Sales & Business Development HR/Training You have been invited to

You have been invited to view a secured presentation that requires you to confirm your identity before viewing. Hmm...something's not right Contact Support Now check your email An email with instructions on resetting your password has been sent to

213 views • 7 slides

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster,

Security by Any Other Name: On the Effectiveness of Provider Based Email Security Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, and Kirill Levchenko University of California, San Diego Recent Email Communications

449 views • 28 slides

Ho Homework 1 Revie view No screens Say your name Prof. Lydia Chilton COMS 4170 3 February

Ho Homework 1 Revie view No screens Say your name Prof. Lydia Chilton COMS 4170 3 February 2020 Interfaces display information in a way that helps users accomplish a goal . GMail Pine text-based email client 2 Seven tools for visually

503 views • 21 slides

1. Visit the Parent View website https://parentview.ofsted.gov.uk/parent-view- results 2. On

1. Visit the Parent View website https://parentview.ofsted.gov.uk/parent-view- results 2. On screen OFSTED Parent View, Your Child school 3. To register click on Register Now 4. Enter your Email address in box 5. Confirm your

144 views • 3 slides

Lagan View WiFi: Enter Email, Agree and Connect Welcome! International Travel Trade Platforms

Lagan View WiFi: Enter Email, Agree and Connect Welcome! International Travel Trade Platforms Masterclass 23 rd January 2018 Eimear Callaghan Business Solutions Manager Tourism Northern Ireland Programme Where are we now? Kate

758 views • 43 slides

y g sws1 1 Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna

Security bug of the week (in iOS and OS X) y g sws1 1 Attacking the stack Thanks to SysSec and Int. Secure Systems Labs at Vienna University of Technology for some of these slides sws1 2 2 Attacking the stack g We have seen how the

850 views • 47 slides

Non-Attacking Chess Pieces: The Dance of Bishops Thomas Zaslavsky Binghamton University (State

Non-Attacking Chess Pieces: The Dance of Bishops Thomas Zaslavsky Binghamton University (State University of New York) Joint with Seth Chaiken and Christopher R.H. Hanusa Outline 1. Chess Problems: Non-Attacking Pieces 2. Largely Czech

608 views • 17 slides

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology

Attacking the stack Thanks to SysSec and Secure Systems Labs at Vienna University of Technology for some of these slides Attacking the stack We have seen how the stack works. Now: lets see how we can abuse this. We have already seen how code

671 views • 47 slides

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor,

HACKED EVIDENCE - NOW WHAT? Kyiv Arbitration Days, 13 September 2019 Veronika Korom Solicitor, England & Wales Avocat au Barreau de Paris ESSEC Business School This copy is for your personal, non-commercial use only. To order

457 views • 8 slides