So, currently, many services that use two-factor authentication utilize one’s cellphone to verify the identity of the user. With the rise of smart phones, however, how will this affect the security of this transaction? Smart phones are, in essence, computers (even more so than phones in the past). Does this leave them at risk for malware, much like with traditional computers? Would it be possible for a piece of malware to sit on a smart phone and wait for a message from a service (such as a message with an authentication code)? Would it be possible for the malware to redirect such a message, thus allowing the hacker to not only have a password (gotten from another attack), but also receive the authentication code when he tries to log in? If this is possible, it could pose a serious threat to this style of authentication.
I’ve been thinking about it for a long time, ever since people kept asking me why I didn’t have a Facebook or other social networking account. My question is, what is the appeal of these social networking pages? Why do people feel the need to constantly tell the world what they’re up to? I’ve heard the excuse of being able to meet up with old friends, and various other things, but I know a lot of people for whom this isn’t the case. So, what exactly is the appeal?
One topic we have discussed was the idea of cyber stalking with things like Facebook. The information is presented on the internet publicly, thus it’s public information. Most wouldn’t question you for looking up a friend from grade school, seeing what they’re up to, etc. But would someone question your motives if you decided to check on a person for a specific purpose? Is it too much to check on a person you have a crush on, to see their status before deciding to ask them out? Is it wrong to check on a rival in a field (take your pick) to see how they’re doing, and to measure your own progress?
My point here is, when do you cross the line? Where is the point where you stop just looking at public information, and begin stalking? Or is it just variable levels of stalking?
So, I see a lot of people just posting news. Where are all the personal stories?
Well, I’ve got one (or two, if you want to count them separately). Recently, I’ve had two social engineering attempts launched against me. Was pretty funny, really. First was a phishing attempt, claiming to be from a company of an online game I play. They said there was an issue with my account and I needed to log in to validate my account, and failure to do so would cause my account to be locked or banned. Seemed legit, though the claims as to why I needed to validate my account were kind of sketchy, until I read the link they had. The URL they provided was the same as the one for my game, except an “L” (lower case; I used upper case here so it is easier to read) was replaced by a “1”. Heh, nice try, engineer. Better luck next time.
Second, the hacker spoofed an e-mail account I knew and said something along the lines of “This is an thing, it can totally change your life! Leave that boring life of hard work for a life of luxury!” (Heh, hilarious) The link was to some site I never heard of. But really, that’s not what tipped me off. First, the fact that this person whose e-mail it supposedly was doesn’t use that e-mail anymore, plus he doesn’t talk the way the e-mail spoke. More importantly, however, the e-mail was sent to numerous people, ranging from myself and some family, to his high school teachers, to YouTube’s support e-mail address. Hmm… Can anyone tell me if this is legit or possibly some form of fraud…? Haha.