[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] When two-factor authentication is not enough

To: alfiej@xxxxxxxxxxx
Subject: Re: [FD] When two-factor authentication is not enough
From: Jeff Sergeant <jeffuk@xxxxxxxxx>
Date: Thu, 10 Apr 2014 11:35:05 +0100

The fact they've clearly mapped out Gandi's processes to find the weak link
(The apparent opt-out to the email change request, real or not) and add
noise to exploit it makes it clear that someone put a lot of work into
this.  Pretty much a textbook example of the 'APT' we're always warned
about.

Good save!




On Thu, Apr 10, 2014 at 9:01 AM, Alfie John <alfiej@xxxxxxxxxxx> wrote:

> The story of a failed attempt to steal FastMail's domains:
>
>
> http://blog.fastmail.fm/2014/04/10/when-two-factor-authentication-is-not-enough/
>
> tl;dr: Pay attention next time you get a flood of emails. The flood
> could part of a larger plot to distract you from something you should be
> paying attention to. In other words, learn to spot misdirection:
>
>   https://www.youtube.com/watch?v=GZGY0wPAnus
>
> Alfie
>
> --
>   Alfie John
>   alfiej@xxxxxxxxxxx
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] When two-factor authentication is not enough
  - From: Alfie John

Prev by Date: [FD] New tool: sn00p - Automation framework for security tests.
Next by Date: [FD] Malware + Analyse = Malwarelyse
Previous by thread: [FD] When two-factor authentication is not enough
Next by thread: [FD] AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability
Index(es):
- Date
- Thread