Once again, cryptocurrency has monetized cybercrime. Scams are substantially easier and harder to trace properly with crypto, helping cybercrime to scale up to this insane level we see today.
Looking at how I can prevent this from happening to myself, am I missing something?
Why didn't their email service's anti-virus pick up on the virus?
In the case that it was in a zip, why didn't said anti-virus extract the zip & scan?
In the case of a password-protected zip, why didn't the computer scan the file upon extraction?
In the case of a scan upon extraction, why was it missed? Outdated definitions or zero day?
Linus also spoke about invalidating sessions. This is something that requires careful planning. We can't do it due to our teams switching VPNs so often.
We do enable Impossible Travel in Okta by default for our clients.
Any part of the system can be spoofed; virtual machines exist. In addition, once you have a session token, you don't even need to involve a browser, you can just make requests to the server directly.
From the perspective of a browser, it seems like a better mitigation would be to make it harder to steal these tokens in the first place. Cookies have to be persisted to disk in order to survive browser restarts, but maybe some cookies could be identified as password-equivalents and get stored in the system's keyring.
And of course, from the perspective of a server, they could probably be more credulous when they see a session token trying to make account management actions from a new IP.
I wonder if there could be a new secure cookie/session token standard that makes use of hardware security keys like TPM/Secure Enclave to prevent them from being exfiltrated. They could be domain scoped for access like Passkeys are. Maybe DNSSEC could prevent MITM attacks of it as well.
IMHO, pretty great of dbrand to step in and sponsor a topically sensitive video on short notice as well as provide a pretty big carrot to bring in a flood of traffic. Just ordered a matte black skin for my MBP 14". I have no relation to dbrand other than being an occasional customer.
Pxtl|2 years ago
Thanks, bitcoin.
FredPret|2 years ago
aeroaero|2 years ago
If I open a pdf in chrome for example am I opening myself up to this kind of attack?
WirelessGigabit|2 years ago
dawnerd|2 years ago
kibwen|2 years ago
samcat116|2 years ago
scoks|2 years ago
Renaud|2 years ago
I blame Windows hiding the extension of known files by default.
`anything.pdf.exe` would show as `anything.pdf`
Can't blame people for thinking it's a PDF.
Otherwise, I use SumatraPDF as a viewer. Small, no frills, probably less of a vulnerability target than Adobe Acrobat.
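An added example (not from the comment above and not Windows' own logic) of the defensive check a mail gateway or attachment triage script can run for the `anything.pdf.exe` case: compute the name a user would see with "Hide extensions for known file types" on, and flag files whose real extension is executable while the extension the user sees is a document type. The extension sets are assumed subsets, and the filenames are constructed; it also handles the variant where spaces pad the real extension off the visible part of the name.

```python
import os

# Assumed subsets: extensions Windows runs as code, and ones users read as harmless documents.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".png"}


def displayed_name(filename):
    """Name as Explorer shows it when known extensions are hidden (assumed: the two sets above)."""
    stem, ext = os.path.splitext(filename)
    if stem and ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return stem
    return filename


def is_disguised_executable(filename):
    """True when the real extension is executable and the visible name ends in a document extension."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Strip padding spaces so "report.pdf      .scr" is caught as well.
    _, inner = os.path.splitext(stem.rstrip())
    return inner.strip().lower() in DOCUMENT_EXTS


def triage(filenames):
    """Return (real name, what the user would see) for every disguised executable in the list."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised_executable(f)]


if __name__ == "__main__":
    # Constructed attachment names for the demonstration.
    sample = ["anything.pdf.exe", "report.pdf", "setup.exe", "invoice.pdf      .scr"]
    for real, shown in triage(sample):
        print(f"flag: {real!r} would be displayed as {shown!r}")
```

The useful output is the pair: the real filename for the log and the displayed name for the user-facing warning, so the person who nearly opened "anything.pdf" learns what was actually underneath. A plain `setup.exe` is not flagged here because there is no disguise; whether unsolicited executables are allowed at all is a separate policy decision.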
bren62x|2 years ago
input_sh|2 years ago
It allows creating granular permissions and you can see its interface around 08:15.
robbiet480|2 years ago
blippies|2 years ago
[deleted]
blippies|2 years ago
[deleted]
mslip1|2 years ago