Look after yourself, the hacker is watching!

Posted by Mitnick Security on Oct 23, 2018 5:00:00 PM

Do you think that you are safe by entrusting data to Microsoft, Google or Apple? And logging in with two-step verification?

None of this, even there you can hack - claims the most famous hacker Kevin Mitnick.

(Ed. note: Translated using Google)

To prove this, Mitnick, the guest of the "Inside Trends" conference, demonstrated several hacking attacks live. Let's take a login with a two-stage version. To be safer, in addition to the login and password, you must enter the code from an SMS sent to your mobile phone. Theoretically, without cell access, you can not enter your account. However, Mitnick showed on the example of LinkedIn that in practice this protection can be circumvented. How?

The hacker first breaks into the user's computer and waits for that to log into LinkedIn and enter a one-time code from an SMS. Then just download the "cookie" generated by LinkedIn from the attacked computer and enter it in your own browser. And here is someone stranger entered our account.

The live presentation of remote encryption of e-mails in the "cloud" Outlook box was equally dangerous. The trick is to get the user to click on the email with an attachment that will infect the mailbox. How to do it? Just impersonate Microsoft, which recommends updating the software. If an inattentive user clicks on the attachment, he will give remote control over the hacker's box. And this one can quickly encrypt the content of e-mails and demand a ransom (that's how "ransomware" software works).

Kevin Mitnick, after his passing from youth (in the 90s he was detained by the FBI and convicted by a court for 5 years in prison for hacking into secure systems), founded a company that, at the request of other companies, breaks into their network to find weak points. Completely legally and for money.

- The most important part is "breaking a man" - convinces Mitnick. The so-called. "Social hacking", that is, drawing information about employed people or the habits of the company is a necessary introduction to real hacking. A properly prepared hacker thanks to psychological tricks and manipulation is able to penetrate everywhere. The Mitnick Security team boasts almost 100% here. efficiency.

To view the original article and other important news articles, please refer to the source.

Source: Newsweek Polska

Topics: Social Engineering, SMS, Warsaw, Poland, two-step verification, cloud, encryption, cell access, Inside Trends conference, keynote speaker, malicious email, Mitnick Security Team, cookie, Outlook box, ransomware, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

PCI Testing: Everything You Need To Know

Penetration testing is crucial for businesses to help ensure that their security posture will stand against threat actors. For businesses that handle ..

Read more ›

The 4 Phases of Penetration Testing

So, you’ve done your research on penetration testing and are ready for the pentest engagement. But before you choose just any pentesting vendor, it’s ..

Read more ›

What is Web Application Penetration Testing?

Is your company in the process of developing a new application? There are a lot of moving parts involved in developing and deploying cutting-edge appl..

Read more ›
tech-texture-bg

© Copyright 2004 - 2023 Mitnick Security Consulting LLC. All rights Reserved. | Privacy Policy