Your daily selection of the hottest trending tech news!
According to E Hacking News – Latest Hacker News and IT Security News
We are switching to Two-factor authentication (2FA) for securing our data and system, but does it provide fool-proof security?
No, according to Kevin Mitnick, a security researcher at KnowBe4 it is very easy to deceive this defensive measure.
While showcasing his new exploit, he proved that hackers could easily spoof the 2FA requests by sending users a fake login page which appears to be a legitimate one to the victims. This could lead to exposure of sensitive data like username, password and session cookie.
2FA is a technique which provides an extra layer of security famously known as “multi-factor authentication” it requires not only a password and username but also a phone number that is only with user immediately as they send some kind of code or OTP.
“Two-factor authentication is intended to be an extra layer of security, but in this instance, we clearly see that you can’t rely on it alone to protect your organization,” said Kuba Gretzy, a white hat hacker.
“The tool is called evilginx. The attack method is based upon proxying the user via the hacker’s system through a credentials phishing technique, which requires the use of a typo-squatting domain. The idea is to let the user give away his/her credentials so that the hacker could steal a session cookie,” added Gretzy.
- Got any news, tips or want to contact us directly? Feel free to email us: firstname.lastname@example.org. To see more posts like this please subscribe to our newsletter by entering your email. By subscribing you’ll receive the top trending news delivered to your inbox.
This article and images were originally posted on [E Hacking News – Latest Hacker News and IT Security News] May 13, 2018 at 03:32PM. Credit to Author and E Hacking News – Latest Hacker News and IT Security News