Lawsuit says Clorox hackers got passwords simply by asking (www.nbcnews.com)
from floofloof@lemmy.ca to cybersecurity@sh.itjust.works on 23 Jul 02:05
https://lemmy.ca/post/48448630

#cybersecurity

expatriado@lemmy.world on 23 Jul 02:26

jee… is that easy? what’s your password OP?

onslaught545@lemmy.zip on 23 Jul 02:29

Yup, it is. Social engineering is by far the most effective means of gaining unlawful access to any system.

Humans are always the weakest link.

sugar_in_your_tea@sh.itjust.works on 23 Jul 03:43

Exactly. Many breaches follow this pattern:

  1. Learn the name and some basic details about the secretary or something
  2. Call corporate tech support asking for a password reset claiming to be the secretary
  3. Access important stuff since secretaries have a surprising amount of access

Replace “secretary” with some other relevant individual who has a surprising amount of access and wouldn’t attract attention.

limer@lemmy.ml on 23 Jul 02:29

correcthorsebatterystaple

floofloof@lemmy.ca on 23 Jul 02:30

hunter2, but don’t tell anyone because it’s a secret.

milkisklim@lemmy.world on 23 Jul 02:41

All I see is ******2

Apollo98@sh.itjust.works on 23 Jul 02:49

Ahh, I’m home finally

treadful@lemmy.zip on 23 Jul 03:16

RIP bash.org

EDIT: Nice, there’s a bunch of mirrors.

Zier@fedia.io on 23 Jul 02:49

Weird, because all I see is hunter*

[deleted] on 23 Jul 02:49

.

svc@lemmy.frozeninferno.xyz on 23 Jul 02:33

At least it wasn’t due to a user input sanitization issue

example@reddthat.com on 23 Jul 20:11

instead it was a user sanitization issue

BigTrout75@lemmy.world on 23 Jul 04:23

Hi, I’m Steve from corp. I need your password to verify some settings…