• Content Count

  • Last visited

Community Reputation

14 Good

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. In this article, I will show how Steam accounts are hijacked in Discord and tell you how to protect yourself from such attacks. An example will be a personal case when I and other users tried to hijack an account using phishing. Phishing is one of the techniques that uses social engineering to steal user data. We have already talked in detail about phishing and social engineering methods many times, use the channel search. How Steam accounts are hijacked in Discord The other day, a link appeared in the chat to a website that offers Discord Nitro for 3 months. Those who wanted freebies rushed to go to the site, but I immediately realized from the link that this was a divorce. Pay attention to the link: http://discodintro.info/nitr0/steam The attackers offer to go to a site similar to the official Discord website, where you can get a subscription if you enter your Steam account details. In addition to this site, various links to other fake pages began to appear in other chats. I didn't miss such a chance. I launched a virtual machine to test all sorts of suspicious things and opened another phishing site. The fake page already looks better. Let's Encrypt certificate. As you understand, services such as Discord will not use Let's Encrypt. The attacker used the certificate to make the fake page look more plausible. When you try to log in, a Steam window appears. But this is not Steam and not even a window, but a phishing iframe that will steal your username and password, and possibly cookies. Protection against theft of a Steam account in Discord Everything is simple. Carefully check the links and sites you are going to. The link can be hidden, but when you go to the site, you will always see the real address of the site in the address bar. To do this, always check suspicious links through services like https://scanurl.net or similar.
  2. Fingerprint authentication is a convenient alternative to passwords and PIN codes. Who would want to waste time typing a long string of numbers, letters and symbols when a simple click is enough? Unfortunately, you have to pay for this convenience. Because, unlike a normal password, you leave your fingerprint on taxi doors, iPhone screens and glasses of wine at a local restaurant. Fingerprint Theft To compromise your device or account, we don't even need direct access to your fingerprint. A photo of the surface you touched will do (from the table in the local library to the equipment in the nearest gym). Having this photo at our disposal, an hour of work in Photoshop gives a decent negative: In the last step, we add some carpentry glue on top of the fingerprint to animate a fake fingerprint that we can use on the scanner. The beginning of the attack With a fingerprint in hand, all we have to do is attach it to the scanner. We were able to carry out this well-known attack on most of the devices that our team had for testing. If this was a real attack, we would have access to a wide range of confidential information. The reason for the success of the attack The main reason for the success of the attack is that almost no fingerprint sensor today knows how to distinguish "alive" from "inanimate". Methods of recognition of a living person To increase the reliability of the applied biometric system, the following methods are used: multi-factor authentication; multimodal (multibiometric) authentication; determination that you have a living person in front of you (Liveness Detection). For biometric authentication methods, it is important to determine that it is a living person who is being identified. Developers use the term "Survivability", which is defined in the international standard ISO/IEC 30107-1:2016. In methods of detecting survivability, physiological or behavioral information or information contained in a biometric sample is used as signs of life. Fingerprint recognition systems use the following to detect survivability: measurement of temperature, pulse, electrical resistance; detection of subcutaneous signs; comparison of consistently accepted biometric samples, etc. For other biometric characteristics, survivability detection methods are usually based on the analysis of arbitrary and involuntary behavior. Facial recognition systems may require the user to perform head, lip, eye movements or change facial expressions. Voice recognition systems may ask the user to pronounce a randomly generated phrase or an alphanumeric sequence to prevent playback of recorded sounds. However, as it is not difficult to notice, in most laptops (yes, what is there, rather even in all) today, much cheaper fingerprint sensors are used. And even more so in smartphones. Standards Within the framework of the international subcommittee on Standardization ISO/IEC JTC 1 SC 37 Biometrics, three international standards have been developed for the definition of attacks on biometric presentation: ISO/IEC 30107-1:2016, ISO/IEC 30107-2:2017 and ISO/IEC 30107-3:2017. Currently, the most widespread among biometric characteristics are the following: fingerprints, facial image, voice, vascular bed of the hand, iris. Fingerprints account for the largest number of methods of forgery and protection against them. It is from them that this article is about. Fingerprints. Methods of attack As a rule, the differences between fake fingerprints are in the materials used to create the dummy. Most often, technical gelatin, clay, plasticine, dental plaster is used. After receiving a sample of the fingerprint of the user who has access to the attacked biometric system, a mold is created into which the fake finger is cast. Fingerprints. Methods of protection To determine that it is a live fingerprint that is presented, hardware or software methods are used, as well as their combinations. Hardware methods: multispectral registration is used (fixation of reflected IR radiation — completely different values are obtained from the skin and from synthetic material). Typically used in optical readers; pulse fixation based on optical or ultrasound method; measurement of the electrical resistance of the skin. Software methods involve comparing a scanned fingerprint with the characteristic features of fake samples. For example, too clear or, conversely, too ragged edge of the print, too smooth lines of the papillary pattern, a large number of too light or too dark areas in the scanning area - these are just some of the most common differences between a dummy and a "live" finger. The software method of fingerprint analysis relies on the individual characteristics and capabilities of specific biometric equipment, as well as on templates and algorithms created and patented by developers. Protection from attack As you can understand from the above, a fingerprint should not be considered as a secure alternative to a strong password. As a result, your information — and possibly your crypto assets — are vulnerable to even the most inexperienced attackers. By now, it should be clear that although your fingerprint is unique to you, it can be used relatively easily. At best, you should consider using it only as secondary authentication (2FA).
  3. Miro

    @Psych0path Meme

    Post at least 5 forum messages to be able to use the Shoutbox.
  4. Light travels through space at just over 186,000 miles per second. The moon is just under 250,000 miles from Earth, so light from the Moon's surface has to travel more than one second (about 1.3 seconds) to reach us.
  5. niggersforsaleniggersforsale
  6. hora dan hora dan hora dan hora dan hora dan hora dan hora dan hora dan hora dan hora dan hora dan hora dan