0-day, SIM swap, Password Managers, MDM

  • 0-day vulnerabilities and spear phishing. Yeah, this is exactly where the problems I've described earlier become immediately evident. "Complex formats", whatever it is, are huge problem. Because using those can make your system vulnerable in multiple ways. In this case, it was JavaScript 0-day exploit, but just on the same day, I received bunch of links to file sync service, which seemed legitimate. But of course the PDF file which was being sent via it contained some kind of PDF exploit which was supposed was supposed to hijack the system. Of course I explored this document and file in separate USB image booted test-computer, with latest updates. So the exploit never worked, but as well. It's just totally normal that these kind of attacks to exist, and honestly, it's really hard to defend against issues like there, unless you're serious tin foil hat guy. Even then it might be problematic, because you'll never know if the sender used individually modified URLs, so if you access the link, even if you wouldn't get infected, they'll know that you accessed the link, verifying the email for further spam. That's why the best generic instruction is not to touch malicious URLs and not loading any remote content on spam anyway.
  • SIM swap horror story - Yet another horror story how targeted attacks can cause real havoc. kw: Google, Twitter, T-Mobile, Bank, Bitcoin, Black Mirror, Password Manager
  • Before You Use a Password Manager - Because previous article recommended using password manager, let's take this one next. Well, the first paragraph. Ehh, of course there are "generalized best practices", but you'll need to adapt those case by case. As we all know, there's no single silver bullet to tackle "security", "authentication" or "identity" as I've blogged so many times. In different use cases requirements are totally different. Well, who said you would need to have all of your password and credentials in single container? Who said, you would use a single system to access those containers? In general, there should be different systems for different security (as well as anonymity, etc) requirements. General use system, banking system, test system, anonymity platform and of course secure system (per identity or purpose). As well as separate email accounts, phone numbers and so on. Also separation by context makes it very easy to spot fraud attempts, because your message / contact will be likely out of context. Also to stop these SIM swap attacks, from gaining complete control. Unless you're doing really good job when attacking. Also using encryption keys, potential code books or context specific key-words make it impossible to scam you, unless you've been MITMing the communication for quite a good while, even then it's preferable to transfer some information out of band, making it unavailable to the attacker. Also rotating contact information and creating new identities, makes tracking and attacking even harder. Nothing new. Yet they didn't mention these obvious facts in this article. Phishing and phishing, well, if user uses malicious link in email to access the site game could be lost at that point already, password manager won't protect you from those attacks. - At the end of article, they'll get back to the most common problem, sites claim to be secure, but they still provide usually quite simple way to password reset, which absolutely and completely ruins any security. I've written about this so many times. - But in general, I liked the recovery section, because that's important and I'm pretty sure many people miss it. - Also the warnings about storing high value passwords are nicely put. End Notes are also very good, I like the addition to the main article a lot. - Who said that the security question answers wouldn't be just as random as the original password? Security questions and recovery by email totally suck, that's why nobody should ever use those. Also you shouldn't ever share recovery question answers, because those are just "passwords" in this case. - In general great article, for those who haven't been thinking these aspects a lot.
  • Something just a bit different: Laguerre-Gaussian mode division multiplexing in multimode fiber (MMF). Nice! Mode division multiplexing (MDM) a way to pack multiple beams in same fiber using different propagation path(s) aka spatial multiplexing.

2020-08-09