shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#webview

Europe Says<p><a href="https://www.europesays.com/2043146/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2043146/</span><span class="invisible"></span></a> In Mid-Michigan, Thumb area, voters get candid on Trump’s 1st 100 days <a href="https://pubeurope.com/tags/article" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>article</span></a> <a href="https://pubeurope.com/tags/ArticlePlus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArticlePlus</span></a> <a href="https://pubeurope.com/tags/Branch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Branch</span></a> <a href="https://pubeurope.com/tags/campaigns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>campaigns</span></a> <a href="https://pubeurope.com/tags/CampaignsU0026Elections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CampaignsU0026Elections</span></a> <a href="https://pubeurope.com/tags/democratic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>democratic</span></a> <a href="https://pubeurope.com/tags/DemocraticParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DemocraticParty</span></a> <a href="https://pubeurope.com/tags/Donald" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Donald</span></a> <a href="https://pubeurope.com/tags/DonaldTrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DonaldTrump</span></a> <a href="https://pubeurope.com/tags/elections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>elections</span></a> <a href="https://pubeurope.com/tags/Executive" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Executive</span></a> <a href="https://pubeurope.com/tags/ExecutiveBranch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ExecutiveBranch</span></a> <a href="https://pubeurope.com/tags/Harris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Harris</span></a> <a href="https://pubeurope.com/tags/in" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>in</span></a> <a href="https://pubeurope.com/tags/Kamala" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kamala</span></a> <a href="https://pubeurope.com/tags/KamalaHarris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KamalaHarris</span></a> <a href="https://pubeurope.com/tags/Negative" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Negative</span></a> <a href="https://pubeurope.com/tags/open" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>open</span></a> <a href="https://pubeurope.com/tags/OpenInWebview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenInWebview</span></a> <a href="https://pubeurope.com/tags/Overall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Overall</span></a> <a href="https://pubeurope.com/tags/OverallNegative" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OverallNegative</span></a> <a href="https://pubeurope.com/tags/party" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>party</span></a> <a href="https://pubeurope.com/tags/Plus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Plus</span></a> <a href="https://pubeurope.com/tags/Politics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Politics</span></a> <a 
href="https://pubeurope.com/tags/Republican" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Republican</span></a> <a href="https://pubeurope.com/tags/RepublicanParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RepublicanParty</span></a> <a href="https://pubeurope.com/tags/trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>trump</span></a> <a href="https://pubeurope.com/tags/u0026" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u0026</span></a> <a href="https://pubeurope.com/tags/Webview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Webview</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.vivaldi.net/@ajsadauskas" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ajsadauskas</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@JessTheUnstill" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JessTheUnstill</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@tomiahonen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tomiahonen</span></a></span> yes, and to <em>add insult to injury</em> <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mozilla</span></a> didn't even want to sell people like <span class="h-card" translate="no"><a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fuchsiii</span></a></span> or me a <a href="https://infosec.space/tags/FirefoxOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FirefoxOS</span></a> device, with the only one being <em>"launched"</em> in the <a href="https://infosec.space/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EU</span></a> being a <a href="https://infosec.space/tags/SimLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SimLock</span></a>'d &amp; <a href="https://infosec.space/tags/NetLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetLock</span></a>'d <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>prepaid</span></a> phone in <a href="https://infosec.space/tags/Spain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spain</span></a> one could only 
attain in-store with all the <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYC</span></a>"</em> nonsense they had, demanding a legal address in Spain back then.</p><ul><li>So whilst Firefox OS had the <em>most "<a href="https://infosec.space/tags/accessible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessible</span></a>"</em> <a href="https://infosec.space/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://infosec.space/tags/tools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tools</span></a> (literally using <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firefox</span></a> for it and having <em>every <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>App</span></a></em> as <a href="https://infosec.space/tags/WebView" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebView</span></a>|s / <a href="https://infosec.space/tags/HTML5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML5</span></a>+<a href="https://infosec.space/tags/JS5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JS5</span></a>+<a href="https://infosec.space/tags/CSS3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSS3</span></a> files in a container), they didn't even sell <em>us</em> said devices, making it a worse flop than <a href="https://infosec.space/tags/UbuntuTouch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuTouch</span></a> which at least still gets some devices made that support it...</li></ul><p>And <a 
href="https://infosec.space/tags/nerds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nerds</span></a> like myself are far from the <em>"<a href="https://infosec.space/tags/consoomer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>consoomer</span></a> <a href="https://infosec.space/tags/Normies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Normies</span></a>"</em> for whom stuff that isn't on shelves at Saturn/MediaMarkt, BestBuy, Walmart, ... doesn't exist. I'm used to importing <a href="https://infosec.space/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> that I want!</p><ul><li>Feels even more <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">half-assed</a> than <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a> in hindsight…</li></ul>
Kevin Karhan :verified:<p>Modern <a href="https://infosec.space/tags/TechStack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechStack</span></a>|s are convenient but they also make <a href="https://infosec.space/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a> lazy and result in the <a href="https://infosec.space/tags/enfattening" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>enfattening</span></a> of <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> and <a href="https://infosec.space/tags/Games" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Games</span></a>. </p><ul><li>Like we had <a href="https://infosec.space/@kkarhan/114221332397399583" rel="nofollow noopener noreferrer" target="_blank">entire Music Videos on the spare space</a> of a <a href="https://infosec.space/tags/NeoGeoCD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NeoGeoCD</span></a> which meant this needed to be streamed, and mind you this is redbook CD Audio, not fancy ATRAC3 or Opus...</li></ul><p>Nowadays we have shitty <a href="https://infosec.space/tags/WebApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebApps</span></a> that eat up 100+MB just for a <a href="https://infosec.space/tags/WebView" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebView</span></a> and which are instantly useless once they don't have a high-speed, low latency internet connection!</p><ul><li>People like <a href="https://infosec.space/tags/GraceHopper" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GraceHopper</span></a> and <a href="https://infosec.space/tags/MargaretHamilton" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MargaretHamilton</span></a> probably wouldn't even be mad, but just disappointed, knowing how a modern <a href="https://infosec.space/tags/IDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDE</span></a> eats more computing power than the entire human race had at their career peaks...</li></ul><p>And don't even get me started on all the <a href="https://infosec.space/tags/WastefulComputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WastefulComputing</span></a> aka. <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>"</em> <a href="https://infosec.space/tags/bs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bs</span></a> and <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> - <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@ahrienby" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ahrienby</span></a></span> that's because <a href="https://infosec.space/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a> and <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> are quite different and unless you want to generate 100+ MB <a href="https://infosec.space/tags/Cordova" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cordova</span></a> / <a href="https://infosec.space/tags/nwjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nwjs</span></a> containers, you're better off writing native code... </p><ul><li>Pretty sure <em>both</em> just spawn a modified <a href="https://infosec.space/tags/WebView" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebView</span></a> context...</li></ul>
kratoz29<p>Somebody that uses <a href="https://mastodon.social/tags/Flipboard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flipboard</span></a> can answer me if they always used android/ios <a href="https://mastodon.social/tags/webview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webview</span></a> to display their content?</p><p>I am asking because I decided to use it again after who knows how many years, and it doesn't have its dedicated reader such as <a href="https://mastodon.social/tags/Feedly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feedly</span></a> or <a href="https://mastodon.social/tags/Feeder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Feeder</span></a> and I definitely remember it did. </p><p><a href="https://mastodon.social/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>android</span></a> <a href="https://mastodon.social/tags/ios" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ios</span></a> <a href="https://mastodon.social/tags/app" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>app</span></a> <a href="https://mastodon.social/tags/reader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reader</span></a></p>
Erik van Straten<p>In *2019*, Alex Weinert of Microsoft wrote in <a href="https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcommunity.microsoft.com/t5</span><span class="invisible">/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124</span></a>:</p><p>«<br>&nbsp;&nbsp;&nbsp;&nbsp;MFA had failed.</p><p>&nbsp;&nbsp;&nbsp;&nbsp;[...]<br>&nbsp;&nbsp;&nbsp;&nbsp;All Authenticators Are Vulnerable<br>&nbsp;&nbsp;&nbsp;&nbsp;[...]<br>»</p><p>Today, as echoed in <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/</span></a>, Microsoft still insists that using weak MFA is a good idea.</p><p>In <a href="https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">azure.microsoft.com/en-us/blog</span><span class="invisible">/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/</span></a> Microsoft writes (on August 15):</p><p>«<br>As recent research [1] by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available, today’s announcement brings us all one step closer toward a more secure future.<br>»</p><p>From that same article, "solutions" with (nearly as weak as SMS) "Microsoft Authenticator" is at the TOP of their 
list:</p><p>«<br>Organizations have multiple ways to enable their users to utilize MFA through Microsoft Entra:</p><p>• Microsoft Authenticator [...]<br>• FIDO2 security keys [...]<br>• Certificate-based authentication [...]<br>• Passkeys [...]<br>• Finally, and this is the least secure version of MFA, you can also use a SMS or voice approval [...]<br>»</p><p>From [1] (PDF) = <a href="https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW166lD?culture=en-us" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">query.prod.cms.rt.microsoft.co</span><span class="invisible">m/cms/api/am/binary/RW166lD?culture=en-us</span></a> , no date of the "investigation period" to be seen *anywhere*, and one of the authors being Alex Weinert, more extreme percentages (approved by Microsoft's marketing dept):</p><p>« <br>Our findings reveal that MFA implementation offers outstanding protection, with over 99.99% of MFA-enabled accounts remaining secure during the investigation period. Moreover, MFA reduces the risk of compromise by 99.22% across the entire population and by 98.56% in cases of leaked credentials.<br>»</p><p>Dear reader: please stop buying Microsoft BS that completely ignores PhaaS.</p><p>To name a few examples:</p><p>🚨 "Experts agree [*] that setting up two-factor authentication (2FA) is one of the most powerful ways to protect your account from getting hacked. However, hackers like COLDRIVER and COLDWASTREL may try to trick you into entering your second factor; we have seen attackers successfully compromise a victim who had enabled 2FA." 
- (PDF) <a href="https://www.accessnow.org/wp-content/uploads/2024/08/Spearphishing-cases-in-Eastern-Europe-2022-2024-technical-brief.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">accessnow.org/wp-content/uploa</span><span class="invisible">ds/2024/08/Spearphishing-cases-in-Eastern-Europe-2022-2024-technical-brief.pdf</span></a></p><p>[*] Not me. My tip is here: <a href="https://infosec.exchange/@ErikvanStraten/112724966066248808" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112724966066248808</span></a></p><p>🚨 EvilGinx2: "Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication" - <a href="https://github.com/kgretzky/evilginx2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/kgretzky/evilginx2</span><span class="invisible"></span></a> (there are more, like Modlishka, Muraena, CredSniper, EvilProxy (Phaas), NakedPages etc.)</p><p>🚨 Not even a fake website needed: <a href="https://www.bleepingcomputer.com/news/security/new-greatness-service-simplifies-microsoft-365-phishing-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/new-greatness-service-simplifies-microsoft-365-phishing-attacks/</span></a></p><p>🚨 From <a href="https://mrd0x.com/attacking-with-webview2-applications/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mrd0x.com/attacking-with-webvi</span><span 
class="invisible">ew2-applications/</span></a>:<br>«<br>Bypass 2FA<br>WebView2 also provides built-in functionality to extract cookies. This allows an attacker to extract cookies after the user authenticates into the legitimate website. This technique removes the need of having to spin up Evilginx2 or Modlishka but the obvious trade-off is that the user must execute the binary and authenticate.<br>»<br>In addition, from <a href="https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/</span></a>:<br>«<br>"Yubikeys can't save you because you're authenticating to the REAL website not a phishing website."<br>mr.d0x<br>»<br>AND:<br>«<br>However, as mr.d0x admits and Microsoft pointed out in their response to our questions, this attack is a social engineering attack and requires a user to run a malicious executable.<br>»<br>Correct, but a local compromise doesn't protect you when you're using FIDO2 hardware keys or passkeys.</p><p>🚨 From 2022: <a href="https://microsoft.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">microsoft.com/en-us/security/b</span><span class="invisible">log/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/</span></a>:<br>«<br>A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor 
authentication (MFA).<br>»</p><p>🚨 "Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling" - <a href="https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">netskope.com/blog/phishing-wit</span><span class="invisible">h-cloudflare-workers-transparent-phishing-and-html-smuggling</span></a></p><p>🚨 "New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security" - <a href="https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2022/09/new-</span><span class="invisible">evilproxy-phishing-service-allowing.html</span></a></p><p>🚨 From <a href="https://www.europol.europa.eu/media-press/newsroom/news/international-investigation-disrupts-phishing-service-platform-labhost" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">europol.europa.eu/media-press/</span><span class="invisible">newsroom/news/international-investigation-disrupts-phishing-service-platform-labhost</span></a>:<br>«<br>The investigation uncovered at least 40 000 phishing domains linked to LabHost, which had some 10 000 users worldwide.<br>[...]<br>LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.<br>»</p><p>🚨 "Security and Privacy Failures in Popular 2FA Apps" by Gilsenan et al. 
(USENIX 2023): <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/usenixse</span><span class="invisible">curity23/presentation/gilsenan</span></a><br>The PDF can also be found here: <a href="https://github.com/blues-lab/totp-app-analysis-public" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/blues-lab/totp-app-</span><span class="invisible">analysis-public</span></a> (Aegis was one of the least problematic apps, and don't use Authy).</p><p>This is what is wrong with weak MFA/2FA:</p><p> You<br> &nbsp;o<br> /|\&nbsp;&nbsp;[device + browser]<br> /&nbsp;\ |<br> v<br> [login.microsoftonline-aitm.com]<br> |<br> v<br> [login.microsoftonline.com]</p><p>(no thanks to DV-certificates).</p><p><a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/EvilProxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EvilProxy</span></a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhaaS</span></a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticator</span></a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TOTP</span></a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTP</span></a> 
<a href="https://infosec.exchange/tags/MicrosoftAuthenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftAuthenticator</span></a> <a href="https://infosec.exchange/tags/Authy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authy</span></a> <a href="https://infosec.exchange/tags/Aegis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aegis</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/WebView" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebView</span></a> <a href="https://infosec.exchange/tags/AitB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitB</span></a> <a href="https://infosec.exchange/tags/MitB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitB</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Trust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trust</span></a> <a href="https://infosec.exchange/tags/TrustWorthyNess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustWorthyNess</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a 
href="https://infosec.exchange/tags/CheckDomainName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CheckDomainName</span></a> <a href="https://infosec.exchange/tags/DomainNameCheck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainNameCheck</span></a></p>
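Added example, not part of Erik van Straten's post or of any project it cites: a server-side view of the look-alike-domain case in the diagram above, showing that a TOTP check has no input describing where the code was typed, while a WebAuthn-style assertion check rejects a sign-in performed on the other origin. The two origins come from the diagram; the keys, challenge, function names and the HMAC standing in for the authenticator's public-key signature are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, struct

# Origins taken from the diagram in the post; everything else is constructed.
REAL_ORIGIN = "https://login.microsoftonline.com"
AITM_ORIGIN = "https://login.microsoftonline-aitm.com"
RP_ID = "login.microsoftonline.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # Inputs are secret, time and digits only: nothing records where the digits were typed.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def rp_id_allowed(rp_id: str, origin: str) -> bool:
    """Browser-side rule, simplified (no public-suffix handling)."""
    host = origin.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]
    return host == rp_id or host.endswith("." + rp_id)

def client_data(challenge: bytes, page_origin: str) -> bytes:
    """clientDataJSON as written by the browser, not by the page."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": page_origin}).encode()

def authenticator_sign(key: bytes, rp_id: str, cdata: bytes):
    # authenticatorData = rpIdHash || flags (0x01 = user present) || signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    signed = auth_data + hashlib.sha256(cdata).digest()
    # ASSUMPTION: HMAC stands in for the credential's public-key signature.
    return auth_data, hmac.new(key, signed, hashlib.sha256).digest()

def server_verify_assertion(key, challenge, cdata, auth_data, sig) -> str:
    fields = json.loads(cdata)
    if fields.get("type") != "webauthn.get":
        return "wrong type"
    if fields.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if fields.get("origin") != REAL_ORIGIN:
        return "origin mismatch"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    expected = hmac.new(key, auth_data + hashlib.sha256(cdata).digest(),
                        hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(expected, sig) else "bad signature"

def sign_in(page_origin: str, rewrite_origin: bool = False,
            browser_enforces_rp_id: bool = True) -> str:
    """Server verdict for a sign-in performed on page_origin (constructed values)."""
    key, challenge = b"constructed-credential-key", b"constructed-challenge-0001"
    if browser_enforces_rp_id and not rp_id_allowed(RP_ID, page_origin):
        return "browser refused rpId"
    cdata = client_data(challenge, page_origin)
    auth_data, sig = authenticator_sign(key, RP_ID, cdata)
    if rewrite_origin:
        # Test case: clientDataJSON altered in transit after signing.
        cdata = client_data(challenge, REAL_ORIGIN)
    return server_verify_assertion(key, challenge, cdata, auth_data, sig)

if __name__ == "__main__":
    secret, now = b"constructed-totp-secret", 1_700_000_000
    print("TOTP accepted:", server_verify_totp(secret, totp(secret, now), now))
    print("real origin:", sign_in(REAL_ORIGIN))
    print("look-alike origin:", sign_in(AITM_ORIGIN))
    print("look-alike, lax browser:", sign_in(AITM_ORIGIN, browser_enforces_rp_id=False))
    print("look-alike, altered clientData:",
          sign_in(AITM_ORIGIN, rewrite_origin=True, browser_enforces_rp_id=False))
```

This covers only the proxy-domain case from the diagram; the WebView2 scenario quoted in the post, where the user authenticates to the real site inside a malicious executable, is outside what origin binding checks.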
CryptGoat<p>Does anyone else have his <a href="https://digitalcourage.social/tags/AntennaPod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AntennaPod</span></a> constantly crashing after a random passing of several minutes, somehow related to <a href="https://digitalcourage.social/tags/Vanadium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vanadium</span></a> <a href="https://digitalcourage.social/tags/WebView" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebView</span></a> under <a href="https://digitalcourage.social/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GrapheneOS</span></a>?</p><p><a href="https://digitalcourage.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a></p>