Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Edition:.

Published byEmma Craig Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyber Edition:."— Presentation transcript:

1 Cyber Edition:

2 alternately titled Use Two Factor Authentication for the love of everything holy please and thank you have a fantastic day It’s a Saturday night, I’m sitting in my company wardroom, trying to find a way to watch Mayweather/Manny when I get a text from a friend …

3

4 THIS IS WHAT I HAVE BEEN TRAINING FOR MY ENTIRE NAVAL CAREER

5 15 Minutes Later … Hack hack hack hack Hack hack hack hack

6

7 Alright honestly, that was faster than I expected

8

9

10 Time to continue my attempts to find the fight
A few hours and a disappointing loss later…

11 But then… I was like hey, I should try to get money from google for this So I turn off two factor auth, reset the security settings to where they were originally Go to replicate what I did before

12

13

14

15

16 That sneaky sonofabi- In the three minutes since I turned off two factor and set the default back to his old one, this guy had reset his password and deleted the account But alas… google makes things too easy *clicks account recovery link

17 Enter whatever email you want

18 So the last message my friends got was early today, so that first one’s easy. The first messages came last month, lets assume this is a burner created specifically for this purpose

19 Whattt?!?!? NO questions? Are you f*#&%ing kidding me?

20

21 Implications Burner accounts on gmail are vulnerable
The only method of authentication for a password reset is when the account was created and when it last contacted you Their algorithm and all of those other complicated questions are ignored if you havent used an account enough to populate it with data Leaves just a shitty time based authentication After breaking in I checked the account creation date, I was off by 2 months and Google still said it was fine.

22

23

24

25

26 Guessing that guy is as freaked out as humanly possible
Girls don’t want to press charges but will if he continues For now he’s locked out permanently But back to Google…

27 Sent el Goog a message detailing what I did and why that’s really bad for the good guys too
Their response -

28 Hi, Thanks for your note. Account recovery is a complex problem
Hi, Thanks for your note. Account recovery is a complex problem. On the one hand, it's important that people who forget their passwords are able to legitimately recover their accounts. This needs to be carefully balanced so attackers aren't able to exploit the system. There are many, many signals that are used in this process, some of which are difficult to properly assess in small scale testing. In this instance, we believe the account recovery process is working as intended. If you disagree, please attempt the account recovery process on our test If you are able to recover this account, please let us know. Otherwise, thanks for your report, and good luck on your future bug hunting! Regards, Yousef

29 Damnit google. No sweet sweet google bucks for me
Moral of the story, 2 factor authenticate everything, burner s on gmail are inherently vulnerable, and google thinks that’s okay That’s probably the end of this adventure unless I go to Ars, but yay cyber

30 Pew pew pew pew

Download ppt "Cyber Edition:."

Similar presentations

Attention (your target market) !. Are you (their problem) ?

Attention (your target market) !. Are you (their problem) ?
Ági Hello. My name’s Ági and I’m a 10th course student in our grammar school. I really feel good here, love my classmates, we have been getting on well.

Ági Hello. My name’s Ági and I’m a 10th course student in our grammar school. I really feel good here, love my classmates, we have been getting on well.
The Subprime Primer. At the Mortgage Brokers… Ace Mortgage Brokers Make your Dreams Come True.

The Subprime Primer. At the Mortgage Brokers… Ace Mortgage Brokers Make your Dreams Come True.
Nanas Net Friend Have you ever had a net friend? Have you ever met him or her in person? Nana has a net friend, and lets talk about her story!

Nanas Net Friend Have you ever had a net friend? Have you ever met him or her in person? Nana has a net friend, and lets talk about her story!
Word List A.

Word List A.
How to get #MaidenheadAstro ‘tweets’ on your mobile phone 1.

How to get #MaidenheadAstro ‘tweets’ on your mobile phone 1.
Lesson 10: Dealing with Criticism

Lesson 10: Dealing with Criticism
© 2011 wheresjenny.com Conversations. © 2011 wheresjenny.com Conversations Conversation 1 Kate: Hey Tina. Tina: Hello Kate. Kate: I heard that you and.

© 2011 wheresjenny.com Conversations. © 2011 wheresjenny.com Conversations Conversation 1 Kate: Hey Tina. Tina: Hello Kate. Kate: I heard that you and.
Team Meeting Communication Skills

Team Meeting Communication Skills
TPA Orientation Teacher Performance Assessments and Livetext.

TPA Orientation Teacher Performance Assessments and Livetext.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
Gmail Tutorial This tutorial aims to quickly cover some of the basic elements of web based email using Gmail - a free email service Use the Index on the.

Gmail Tutorial This tutorial aims to quickly cover some of the basic elements of web based using Gmail - a free service Use the Index on the.
Email - Part 2 Your teachers are :. Review 1.Did you do your homework? Was it difficult, easy, or just right? 2.Turn to your partner and tell them your.

- Part 2 Your teachers are :. Review 1.Did you do your homework? Was it difficult, easy, or just right? 2.Turn to your partner and tell them your.
Time Management.

Time Management.
Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.
Farming Your Database. We are in the “Marketing To Our Database” business, not the “Real Estate Business”

Farming Your Database. We are in the “Marketing To Our Database” business, not the “Real Estate Business”
You can customize your privacy settings. The privacy page gives you control over who can view your content. At most only your friends, their friends and.

You can customize your privacy settings. The privacy page gives you control over who can view your content. At most only your friends, their friends and.
This is beautiful! Try not to cry.

This is beautiful! Try not to cry.
PDF accessibility Susannah Pike 01305 252353.

PDF accessibility Susannah Pike
Theme this year: “Be Transformed”. To be truly transformed, we need to answer the following questions: * 1. Do I want to be changed? * 2. Why should I.

Theme this year: “Be Transformed”. To be truly transformed, we need to answer the following questions: * 1. Do I want to be changed? * 2. Why should I.

Similar presentations

Ads by Google