
Internet Just another MFA attack vector

Cheshire_Kat

Moderator: PD
Staff member
One of my favorite hobbies is internet security.

Here's an interesting approach to use MFA against a user's security defense strategy ...




Hint for safer internet use: Always check the URL that an email link presents for "malarkey".

Always

Always

And look closely for malformed links using easily confused letters like 1 and l, double l's, O and 0's, etc.

Have fun, but stay safe !!!
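
The link check described in the post above, as an added example that is not part of the original thread: it takes the host a link really points to, folds the confusable characters the post names (1/l, 0/O, doubled letters) and compares the result with an allow-list. The domains in `TRUSTED` and the names `skeleton` and `check_link` are assumptions made up for this sketch.

```python
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allow-list; replace with the domains you really sign in to.
TRUSTED = {"globalbank.example", "hillvalley.example"}

# Characters the post calls out as easily confused, mapped to one canonical form.
CONFUSABLE = str.maketrans({"1": "l", "0": "o"})


def skeleton(name: str) -> str:
    """Fold confusable characters and collapse repeated letters (ll -> l)."""
    folded = name.lower().translate(CONFUSABLE)
    return re.sub(r"(.)\1+", r"\1", folded)


TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}


def check_link(url: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain) for the host a link really points to."""
    # .hostname drops any "user@" prefix and the port, and lowercases the host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("no-host", None)
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return ("trusted", None)
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return ("punycode", None)  # internationalised name: inspect by hand
    # Slide over every run of labels so "trusted.example.evil.test" is caught too.
    for i in range(len(labels)):
        for j in range(i + 1, len(labels) + 1):
            hit = TRUSTED_SKELETONS.get(skeleton(".".join(labels[i:j])))
            if hit:
                return ("lookalike", hit)
    return ("unknown", None)
```

A "lookalike" verdict names the trusted domain being imitated; "unknown" only means the host resembles nothing on the allow-list, not that it is safe.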
 
Hmm, interesting. I always love seeing unique approaches for this stuff. Great to see there's people here interested in security (and a staff member too!). I just registered here a few hours ago and was hoping to meet like-minded people. I've been into cybersecurity for almost 20 years now and have worked in the industry for almost 10 years.

Now that I know there's people here with the same interests I'll start sharing some of my own unique research (including stuff on MFA).
 
Please do!
 
In the future there won't be many exploits about anymore.

This is now let alone in ten years time.
AI writes buggy code? Think again.

LOL, that's exactly what they said when programmers first started introducing reusable code back in the 1960's. The theory then was that code would be so well developed and reviewed that it would become faultless.

How did that work out? Millions of man hours later and there are just as many if not more bugs than when they made that claim.

Just because a computer does something does not make it faultless, LOL.

Nice dream, though ... 👍

When I first started programming video games in the 1980's I spent countless hours writing code and thought I had all the possibilities covered. 99% of the time I would let my kids try a version of the game and they would crash it within an hour or so. It's practically impossible to see all possibilities that users might accidentally throw at an application or operating system. The universe is way too chaotic for that.
 
AI is already making changes to the internet landscape.

Astra, OpenVAS, etc.

Also on the other side.
 

There's no denying that what is presently called AI is doing that, but writing code without exploits is not as simple as writing code without bugs.

You do realize that most exploits are not "bugs" but an engineered method of creating code that uses other code to react differently than it was intended to, not just code errors, right? A lot of malicious code is engineered to make hardware malfunction at a very low level, then take advantage of that. Some hardware out there is still running very old software on very old hardware and won't be patched for one reason or another. Some of these cases are in very vulnerable uses, like Nuclear Reactors, communications hubs and medical devices. These devices are not upgraded or replaced because of the time and difficulty to certify the new hardware/software and the dangers of patching/upgrading/replacement and the software/hardware is highly regulated. You would be surprised how prevalent this is in the real world. I have personally worked on systems that were twenty and thirty years old still running and doing its job with the original hardware and software.
 
PLC Modbus RTU SCADA
You'd have to replace the PLCs at enormous cost. Downtime/parts/work etc.
 
side channeling

Concrete example: for decades the low level authorization code (password) on many nuclear missile sites was set to 0000.
No one would ever think of that, right? Yet it was true until someone higher up the chain caught it. Humans and their inherent laziness is very often the best attack vector. How can AI defend things that are intentionally left unlocked for convenience, regardless of AI's inherent intelligence?
 
AI can scan things far quicker and more efficiently than a pentester with a scanning tool.
Just look up ASTRA at a fraction of the cost.

Now AI can make mistakes but less than humans.

This is why Stuxnet came about. How do you keep something safe? Disconnect or don't ever connect at all to the interwebz.
 