Uni credential-swiping hack campaign linked to Iranian government US infosec biz Secureworks reckons it has uncovered a login credential-hoovering operation linked to Iran that targeted universities across a number of Western nations. Secureworks' Counter Threat Unit (CTU) found a mass credential-stealing campaign targeting over 70 universities in 14 countries, including Australia, Canada, …
Good luck trying to convince people to use 2FA, most people dont like to be inconvenienced and they get quite angry if something doesnt work in the way they demand
You only have to look at how many people pick bad passwords and recycle them across multiple websites, or increment them with number suffixes
Surey this is just technological natural selection and we should just let it run its course.
The result is, we will be left with less muppets and then it wont be such an uphill struggle and less time IT admins have to piss into the wind
Win win
Whenever the US is ready to go all Raytheon on a poor sucker to further the freedoms, "hackers" waging an extended "campaign" pwning stuff for purposes unknown are discovered in the proverbial woodwork. These are then "traced" to said sucker by some company on someone's payroll, though it may not be immediately clear on whose payroll.
"After entering their credentials into the fake login page, victims were redirected to the legitimate website where they were automatically logged into a valid session, or were prompted to re-enter their details."
Just like logging in to a site using your Facebook credentials
Are all Information Trails and IntelAIgent Tales owned or just saved and servered to and by a Universal State Authority? .... And whenever IT is Proving Practically Peerless in Virtual Realms, do Heavens' Doors Open or Hell's Fires Explode.
Or does Both Happen to Create A.N.Other Way with 0Days to Play ........ Unstoppable Instantaneous Events which Pulverise Previous Mass Multi Media Mogul Contrived Fictions to Pulp in Only a Very Few SMARTR Inquisitorial Pummellings ...... Requiring of All Players to Radically Revive and Revise All of their Future Plans or Be Buried Virtually Alive Continuing Catastrophic Conflicts with No End Goals.
Some Class that Final Position as a Rank Evil Perpetrated by the Almightily Insane. The Solution to that Situation is AIMadness Personified for Easy Engagement with Changed Treatments with Deeper Novel Interventions. ...... so as to Experience the Altogether Much Better and Vastly Greater Beta Picture Shows available as Future Realities with Advanced IntelAIgent Command Centres in Full Overall Remote Virtual Control.
That's a Mighty Fine Almighty Weapon right there. And never more than just a few clicks away.
Regarding that first question .... Are all Information Trails and IntelAIgent Tales owned or just saved and servered to and by a Universal State Authority? ...... Peer Reply Hesitation would indicate a Resounding Yes to such a Question with Live Wire Fired Virtualised Opportunities for Comprehensive Exploitation, rather than Deserving the Peddling of a Mute No ..... in a Failed Disengagement of Operating Systems Flows Harbouring and Launching the SWIFT Crafts of Practical Command with Remote Vitualised Control Administrations .. or Remote Virtualised Administration Control, if you prefer A.N.Other Flash Almighty Lever with Spectacular Tooling for Fabulous Operations/Titanic Ventures/IMPressive XPressing Picture Productions ...... For Earthling Cloning which Enables the Heavenly, and Hosts in these New Fangled and Entangling Virtual Cyber Space Places, Greater IntelAIgent Games to Play and Win Win With.
Tune In and Turn On ....... It's been a while since Rock was a Rolling Stone/ Massive Virtual Boulder crushing and crashing everything unhelpful in its path.
It depends on how the 2FA is implemented. If the 2nd factor is a dongle, or an SMS message use as a second password you are absolutely on point. If the second factor is a voice call to your phone, and you respond with a PIN on the phone keypad, then the protection is real. The intruder would have to intercept the phone call and know the PIN to succeed. The difference is that the second factor requires two-way communication on the alternate channel. So the MITM on only one channel won't work. The intruder may be able to steal your phone number, but he still needs the PIN.
What's the likelihood academics can receive phone calls to log in? At least in most uni labs I've worked in, reception is amazingly poor...
The underlying problem of user education isn't solved by 2FA or anything else. The problem with trying to make foolproof systems is how smart people can be to maintain laziness, even after being bitten.
What's the likelihood academics can receive phone calls to log in? At least in most uni labs I've worked in, reception is amazingly poor...
Much of the lab I used to work in was covered in a grid which acted as a Faraday Cage.... Sadly the areas behind this were where most of the shared instruments (microscopes, plate readers etc.) lived; when technicians came to fix them then they couldn't make any calls...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
