Correct me if I am wrong, please.
I understand that 2FA (MFA) increases account security in case an attacker obtains a password, which might be possible in various ways, e.g. phishing, database breach, brute force, etc.
However, if the 2FA device is compromised (full system control), which can also be the very same device, then 2FA is broken. It's less likely than with only a password, but conceptually this is true.
Do hardware security keys protect against compromised devices? I read that the private key cannot be extracted from those devices. I am thinking about protecting my SSH logins with a FIDO2 key. Taking SSH as an example, I would imagine that on a compromised device the SSH handshake and key exchange can be intercepted and the FIDO2 key can be used for malicious things.
Additionally: FIDO2 protects against phishing by storing the website it is set up to authenticate with. Do FIDO2 and OpenSSH also implement host key verification, or doesn't it matter because FIDO2 with OpenSSH is already asymmetric encryption and thus not vulnerable to MitM attacks?
I've been thinking about this problem for some time and I wanted to ask if there are any known methods, or research papers, about how to prove "authenticity" or correctness of data originating from a potentially compromised source (remote server, process, etc.). Specifically, what I've been imagining is: say you have service A, and service B sources data from A but is worried that A has been compromised, such that even if data is signed by A, B can't trust that it was generated by code written by A's developers. Is it possible for B to prove to itself that data from A is authentic, that it was indeed generated by the expected code and not injected or generated by an attacker who has compromised A?
One solution I've been thinking about is using a sort of distributed ledger or blockchain so that multiple nodes compute the same data, which raises the bar such that an attacker would have to compromise N% of the services producing the needed data. This naturally provides replication and I can use an appropriate consensus protocol, but of course it introduces some overhead and efficiency concerns, and I would need to think hard about side effects being performed more than once.
If there is only one node capable of generating data, such as a sensor node, and it is compromised, I'd imagine all hope is lost, but I also wouldn't be surprised if there is some clever crypto scheme that attempts to solve this problem as well.
I hope it’s clear as to what the question is, thank you.
I was just wondering out of interest: what happens if your captcha keys get compromised? What can they be used for, and how can you detect that they have been compromised?
I originally posted this on the Apple Stack Exchange but it was suggested that it was off topic, so I’m posting it here in hopes that this is a more relevant place for it.
Say that an iOS device has been compromised by some vulnerability. If one were to back up their device to their computer (or iCloud, but it's my understanding that making an encrypted backup to a computer allows for more to be stored in the backup, such as passwords) and then restore the OS using the backup to restore settings, could the backup re-compromise the device?
Secondly, have there been any documented cases of persistent threats (outside of jailbreaks) that are remotely exploitable and can persist after a restore?
I don't really know where to post these questions. I'll give it a shot here. 3 days ago, Google asked me to verify the login. The login location was exactly where I am, so I clicked on yes. Several hours later, I started to get messages that my Robinhood account, which I only use on my phone, had a bank transfer. Then my Google Play account tried to send someone money. Then my autofill started to show up with other people's addresses and emails and passwords that I don't know. Then I realized the login attempt was a hacker. My system was reinstalled about 2 weeks ago, and I have Windows Defender and Malwarebytes installed. No malware found. There are two things that really disturbed and confused me. I will list them below.
I started to check my Google account activity, and I found something strange. The device I am using, a desktop, logged in with several different IP addresses. The first one is mine, and it belongs to Spectrum. So do the 3rd and 5th IP addresses. The 2nd and 4th both belong to the same ISP. But what confuses me is how my desktop device can log in to Chrome with so many different IP addresses which clearly aren't mine, since I never used VPNs.
Simultaneously, the same day, my mother's bank account was hacked. It might have been through my Google Chrome autofill or a data breach, since she uses the same email/password everywhere. The hacker tried to threaten my mom via text messages with her personal information, like addresses where she used to live. And interestingly enough, the attacker texted her a company name with a truck tracking number (this is a PDF file that's only on my desktop, which was downloaded a few days ago using Chrome). The file has the tracking number in its title, but the company name is only in the file.
Now, I am really concerned about how compromised I am. I don't understand how the hacker who tried to threaten my mom knows something that's only on my PC, and this same desktop of mine has logged in to Chrome via different IP addresses which don't belong to me.
My assumption is that the attacker got my Google password from a data breach, then tried to get all the information from my account, then switched to logging in to my mother's bank account through Google autofill, then also found out about that PDF file in my download history (I am not sure about this part because the download history is only device-specific). But this doesn't explain why my PC logged in to Chrome using so many different IP addresses. Could it be that my machine has some kind of virus that provides a backdoor to the attacker? Please help.
I left my apartment for a few days, so I disconnected my wireless router, but I forgot to disconnect my Chromecast as well. I remember that when a Chromecast can't find the network it was connected to anymore, it creates an open network that can be used to reconnect it to another wireless network.
The issue is that I’m away from my apartment for a few days and my Chromecast is probably currently broadcasting an open network that anyone can connect to.
Even if there is no internet connection on that open network, there are two things I'm worried about.
The Chromecast could be attacked through a wireless exploit. We don't know whether someone else's computer could be infected by malware; the Chromecast could be attacked once that infected computer connects to it (for example, by running wireless exploits against it). The worst scenario could even be an attacker just connecting to that Chromecast open network and directly running exploits against it.
It might be possible for someone who can attack the Chromecast to get the password of the wireless network that the Chromecast was previously connected to. This password is obviously stored somewhere in the Chromecast's memory, and with some access to the filesystem through a kind of jailbreak (for example, point 1), it could be retrieved and used to connect to my wireless network.
Considering those two points, should I factory reset my Chromecast once I'm back in my apartment? Or, even safer, should I get rid of this Chromecast, considering that the firmware could have been compromised, and buy a new one?
What is the best approach to use in identifying, characterizing and detecting compromised CAs? I do not mean an invalid certificate or invalid CA that can be identified by the X.509 validation process. I am looking for a tool/approach that can identify and detect a "trusted" CA that is actually compromised, for example by the cause of the compromise, such as an attacker impersonating or compromising the CA key and trying to issue a fraudulent certificate or fake CRL.
Apart from existing methods such as CT, key pinning, DANE, etc., which partly address some issues related to CA compromise.
Is there a way a method like blockchain, machine learning or any role-based approach can be used to first identify, characterize and detect whether a trusted CA is really compromised?
I would like to understand the relationship between certificate revocation and a compromised CA from the CA's perspective instead of the end user's.
How can I get remote access to an Android box that other people have access to?
We have a whale phishing case, in which the sender is an insider (we're using the Zimbra email service for some specific user groups). A cursory investigation indicated that this account had probably been compromised.
My concern here is: is there any way for the hacker to take over this account through the server? I assume not, because the email was associated with the specific email account.
Look forward to receiving your support.