kodamachameleon.com
Cyber Threat Intelligence | OSINT Enthusiast | Software Developer
https://kodamachameleon.com
66 posts
69 followers
190 following
Regular Contributor
Active Commenter
comment in response to
post
A couple of essential shortcuts:
- ctrl+A
- ctrl+E
- ctrl+C
comment in response to
post
While good password hygiene is critical, it's also insufficient. Culture needs to normalize stronger solutions like MFA and passwordless authentication.
comment in response to
post
Did an article last fall about how to automate the evaluation and selection of IOFA.
kodamachameleon.com/2024/10/22/f...
comment in response to
post
To throw some more fuel on the privacy fire, Flock has already been known to have instances of poor or misconfigured security allowing public access to their cameras.
comment in response to
post
Which begs the question, is AI breaking the system or exposing an already broken one…
comment in response to
post
The scammers often use Google street view to show the victim pictures of their home. If you have been targeted in the past, one thing you might consider is blurring your home.
mashable.com/article/how-...
comment in response to
post
The more sophisticated scams are able to make it look like the email is coming from the victim's own address (depending on the service provider); thereby, heightening the illusion of device take over.
comment in response to
post
Users seeking to embrace passkeys will probably be best served using a third-party password manager which supports passkeys since most big tech will likely continue to use passkeys as another way of forcing vendor lock-in.
comment in response to
post
Email tagging is beautiful! I have been able in the past to quickly identify legitimate vs. illegitimate based on the tag.
comment in response to
post
Why does this feel so ominous? Sounds so much like every other "personalized" tech offering in existence, just another excuse to profile users and invade privacy. Arguably, OpenAI was already doing this anyways, but, personally, I don't always want ChatGPT to remember old conversations.
comment in response to
post
Which is why some of the best security decisions take the human out of the loop.
comment in response to
post
The QR code is only useful to the attacker if it has been initialized in an authentication app. Otherwise the attacker would have to trick the victim into initializing it for them.
comment in response to
post
Ok, that makes more sense. It sounded like you were suggesting they might steal the QR code which would be really difficult. Stealing the OTP from the authenticator app would be easier and more useful.
comment in response to
post
Or are you simply saying that a user might be tricked into sending an attacker their OTP from their authentication app?
comment in response to
post
It sounds like you are suggesting that an attacker can somehow convince a user to send them a QR code and that is all they need to login. I don't think it works that way!
comment in response to
post
Interesting. Can you tell me more about how these malicious QR codes are being utilized to bypass MFA?
comment in response to
post
You mention in your article the lack of known exploitation of QR based OTP while SMS phishing (or worse, SIM swapping) is a well documented problem. Sounds like a win for security.
comment in response to
post
WhatsMyName is thanks to @webbreacher.com
comment in response to
post
All thanks to the EU's antitrust laws. Why does this sound familiar?
www.pcmag.com/news/why-did...
comment in response to
post
Not sure if it's just me, but calling a sophisticated phishing attack a "hack" feels misleading. Maybe I missed something…
comment in response to
post
Most people operate based on emotions instead of logic more than they would care to admit. ❤️ It's a feature, not a bug. Hackers know this and repeatedly exploit the "weakest link."
comment in response to
post
This article is out-of-date with NIST recommendations against frequent password rotation (cybersecuritynews.com/nist-rules-p...)
comment in response to
post
Ideally, the focus should be on transparency and not on meeting some arbitrary standard of configs.
comment in response to
post
Also from the same scam…
https://e-zpassntp[.]top/pay
https://e-zpassmhv[.]top/pay
https://ezdrive.com-345x[.]top/us
comment in response to
post
A lot of fake Kevin Beaumonts on Blue Sky…
comment in response to
post
Right! Also, developers sometimes limit the password length for performance reasons.
comment in response to
post
Limiting special characters is possibly indicative of poor input sanitization. Instead of building a more robust system, they just forbid certain problematic characters.
comment in response to
post
Nice! I am a big fan of graph theory. People are probably afraid to admit what they do not know, if I had to guess.