Ceev faj, Tus Password Pop-Up tuaj yeem dag

Cov txheej txheem:

Ceev faj, Tus Password Pop-Up tuaj yeem dag
Ceev faj, Tus Password Pop-Up tuaj yeem dag
Anonim

Key Takeaways

  • Tus kws tshawb fawb txog kev nyab xeeb tau tsim ib txoj hauv kev los tsim kev ntseeg siab tab sis fake ib leeg kos npe nkag rau hauv pop-ups.
  • Cov pop-ups cuav siv cov URLs raug cai kom tshwm sim ntxiv.
  • Qhov ua kom yuam kev qhia tias tib neeg siv tus password ib leeg yuav raug nyiag lawv daim ntawv pov thawj sai lossis tom qab, ceeb toom cov kws tshaj lij.
Image
Image

Navigating the web is get trickier every day.

Ntau lub vev xaib niaj hnub no muaj ntau yam kev xaiv los tsim ib tus account. Koj tuaj yeem sau npe nrog lub vev xaib, lossis siv ib qho kev kos npe rau (SSO) kev nkag mus rau hauv lub vev xaib siv koj cov nyiaj uas twb muaj lawm nrog cov tuam txhab muaj koob npe zoo li Google, Facebook, lossis Apple. Tus kws tshawb fawb txog kev nyab xeeb hauv cybersecurity tau nqis peev rau qhov no thiab tsim cov txheej txheem tshiab los nyiag koj cov ntawv pov thawj nkag los ntawm kev tsim lub qhov rais nkag tsis tau zoo SSO tsis raug cai.

"Kev muaj koob meej ntawm SSO muab ntau yam txiaj ntsig rau [neeg]," Scott Higgins, Tus Thawj Coj ntawm Engineering ntawm Dispersive Holdings, Inc hais rau Lifewire hauv email. "Txawm li cas los xij, tam sim no cov hackers ntse tab tom siv kom zoo dua ntawm txoj hauv kev no."

Fake Login

Kev lig kev cai, cov neeg tawm tsam tau siv cov tswv yim zoo li homograph tawm tsam uas hloov qee cov ntawv hauv qhov URL qub nrog cov cim zoo sib xws los tsim cov tshiab, nyuaj-rau-qhov chaw siab phem URLs thiab nplooj ntawv nkag tsis raug.

Txawm li cas los xij, lub tswv yim no feem ntau poob sib nrug yog tias tib neeg ua tib zoo tshuaj xyuas qhov URL. Kev lag luam cybersecurity tau qhia ntev rau tib neeg kom kuaj xyuas qhov URL bar kom paub tseeb tias nws teev qhov chaw nyob zoo, thiab muaj lub xauv ntsuab nyob ib sab ntawm nws, uas qhia tias lub vev xaib ruaj ntseg.

"Txhua yam no thaum kawg ua rau kuv xav, nws puas tuaj yeem ua rau 'Kuaj URL' cov lus qhia tsis tshua muaj kev ntseeg siab? Tom qab ib lub lim tiam ntawm kev tawm tswv yim kuv txiav txim siab tias cov lus teb yog yog," sau tus kws tshawb fawb tsis qhia npe uas siv tus pseudonym, mr.d0x.

Kev tawm tsam mr.d0x tsim, muaj npe browser-hauv-tus-browser (BitB), siv peb qhov tseem ceeb hauv tsev thaiv ntawm lub vev xaib-HTML, cascading style nplooj ntawv (CSS), thiab JavaScript-los ua khoom cuav SSO pop-up qhov rais uas yog qhov tseem ceeb tsis paub qhov txawv ntawm qhov tseeb.

"Qhov URL cuav tuaj yeem muaj txhua yam nws xav tau, txawm tias zoo li qhov chaw siv tau. Tsis tas li ntawd, kev hloov kho JavaScript ua rau nws txav mus rau ntawm qhov txuas, lossis khawm nkag nkag yuav tshwm rau qhov zoo li URL lo lus uas siv tau zoo li," ntxiv Higgins tom qab kuaj xyuas Mr. d0x's mechanism.

Yuav ua kom pom BitB, mr.d0x tsim ib qho cuav version ntawm online graphic design platform, Canva. Thaum ib tug neeg nias nkag mus rau hauv lub vev xaib cuav uas siv qhov kev xaiv SSO, lub vev xaib pops li BitB crafted login qhov rai nrog qhov chaw nyob raug cai ntawm tus neeg muab kev pabcuam SSO spoofed, xws li Google, kom ntxias tus qhua nkag mus rau lawv cov ntawv pov thawj nkag, uas yog ces xa mus rau cov neeg tawm tsam.

Cov txheej txheem tau ua rau ntau tus neeg tsim lub vev xaib txaus siab. "Ooh qhov tsis zoo: Browser Hauv Browser (BITB) Attack, tus txheej txheem phishing tshiab uas tso cai rau kev nyiag cov ntaub ntawv pov thawj uas txawm tias tus kws tshaj lij hauv lub vev xaib tsis tuaj yeem ntes," François Zaninotto, CEO ntawm lub vev xaib thiab lub tuam txhab txhim kho mobile Marmelab, tau sau rau hauv Twitter.

Nco koj mus qhov twg

Thaum BitB muaj kev ntseeg ntau dua li khiav-ntawm-tus-mill fake login windows, Higgins tau qhia ob peb lub tswv yim uas tib neeg tuaj yeem siv los tiv thaiv lawv tus kheej.

Rau pib, txawm hais tias BitB SSO pop-up qhov rai zoo li qhov raug cai pop-up, nws yeej tsis yog. Yog li ntawd, yog tias koj rub qhov chaw nyob bar ntawm qhov pop-up thiab sim rub nws, nws yuav tsis txav mus dhau ntawm ntug ntawm lub vev xaib tseem ceeb lub qhov rais, tsis zoo li lub qhov rais pop-up tiag tiag uas yog ywj pheej thiab tuaj yeem txav mus rau ib qho twg. ib feem ntawm lub desktop.

Higgins qhia tias kev sim qhov raug cai ntawm SSO qhov rai uas siv cov qauv no yuav tsis ua haujlwm ntawm lub xov tooj ntawm tes."Qhov no yog qhov [multi-factor authentication] lossis siv cov kev xaiv passwordless authentication tuaj yeem pab tau tiag tiag. Txawm hais tias koj tau poob qis rau BitB nres, [cov neeg dag ntxias] yuav tsis tas yuav muaj peev xwm [siv koj daim ntawv pov thawj raug nyiag] yam tsis muaj lwm feem ntawm MFA kev nkag mus niaj hnub, "hais tias Higgins.

internet tsis yog peb tsev. Nws yog qhov chaw pej xeem. Peb yuav tsum xyuas seb peb mus saib dab tsi.

Kuj, txij li nws yog lub qhov rais nkag tsis raug, tus thawj tswj tus password (yog tias koj siv ib qho) yuav tsis cia li sau rau hauv daim ntawv pov thawj, rov muab rau koj ncua kom pom qee yam tsis raug.

Nws tseem ceeb heev uas yuav tsum nco ntsoov tias thaum BitB SSO pop-up nyuaj rau pom, nws tseem yuav tsum tau pib los ntawm qhov chaw phem. Txhawm rau pom qhov pop-up zoo li no, koj yuav tsum tau mus rau ntawm lub vev xaib cuav.

Qhov no yog vim li cas, tuaj puv lub voj voog, Adrien Gendre, Chief Tech thiab Product Officer ntawm Vade Secure, qhia tias tib neeg yuav tsum saib URLs txhua zaus lawv nyem qhov txuas.

"Ib yam uas peb tshawb xyuas tus lej ntawm lub qhov rooj kom paub tseeb tias peb mus rau hauv chav tsev so zoo, tib neeg yuav tsum ceev ceev saib URLs thaum mus saib lub vev xaib. Internet tsis yog peb lub tsev. Nws yog qhov chaw pej xeem. Peb yuav tsum xyuas seb peb mus saib dab tsi, " stressed Gendre.

Pom zoo:

SIM Swapping Attacks tau nce siab thiab koj yuav tsum tau ceev faj

SIM Swapping Attacks tau nce siab thiab koj yuav tsum tau ceev faj

Daim npav SIM hauv koj lub xov tooj tuaj yeem yog tus yuam sij rau hackers tau txais koj cov ntaub ntawv, tab sis cov kws tshaj lij hais tias muaj txoj hauv kev los tiv thaiv koj tus kheej

Ceev faj Nrog macOS Monterey ntawm Cov Khoom Siv Laus

Ceev faj Nrog macOS Monterey ntawm Cov Khoom Siv Laus

Yog tias koj muaj tus qauv qub ntawm MacBook Pro, Mac mini, lossis iMac, koj yuav xav tuav tawm ntawm kev txhim kho macOS Monterey, vim nws tuaj yeem ci koj lub cev

Vim li cas koj yuav tsum ceev faj koj cov ntaub ntawv xov tooj thaum kho

Vim li cas koj yuav tsum ceev faj koj cov ntaub ntawv xov tooj thaum kho

Thaum koj nqa koj lub xov tooj smartphone los kho, tus neeg ua haujlwm ntawm nws nkag mus rau tag nrho koj cov ntaub ntawv, yog li koj yuav tsum tiv thaiv lossis txawm tshem koj cov ntaub ntawv ua ntej muab lub xov tooj

Vim li cas koj yuav tsum ceev faj tiag tiag nrog Smart Home Gadgets

Vim li cas koj yuav tsum ceev faj tiag tiag nrog Smart Home Gadgets

A Eufy ntse lub koob yees duab kev ruaj ntseg ua txhaum cai uas tso cai rau tib neeg los tswj cov neeg tsis paub lub koob yees duab ua rau peb xav paub tias peb tuaj yeem tiv thaiv peb tus kheej zoo dua thaum siv cov cuab yeej hauv tsev

Yuav ua li cas GPS Tech tuaj yeem txo cov tub ceev xwm ceev ceev

Yuav ua li cas GPS Tech tuaj yeem txo cov tub ceev xwm ceev ceev

StarChase yog ib qho siv tau GPS thev naus laus zis tub ceev xwm tub ceev xwm tuaj yeem siv los taug qab cov neeg xav tias khiav hauv tsheb. Qhov no pab ntes cov tub sab nyiag yam tsis muaj kev phom sij nrawm nrawm