Brutkey

Proto Himbo European
@guyjantic@infosec.exchange

@nixCraft@mastodon.social As a non-security professional... how does an attacker get the code sent to them? Are there services you can use that will redirect an email from its legitimate target to your arbitrary destination?


Rob Jess
@Rob_J@mastodon.social

@guyjantic@infosec.exchange @nixCraft@mastodon.social The idea, as I understand it, is that the attacker would pretend to be the service you intend to use. Then, as you try to log in to the fake service, the attacker asks the real service to send you a login code. You give this to the fake service, thinking it is legitimate, and the attacker can then use it to access the real service.

Proto Himbo European
@guyjantic@infosec.exchange

@Rob_J@mastodon.social @nixCraft@mastodon.social Devious. And this reminds me my personal data backups are not quite up to snuff.