Modern spearphishing is *really* good. When high-end hackers come for you, you will 100% fall for it. It's not a matter of being "smart" or training not to click the link. You set up countermeasures via 2FA or Yubikeys, or you are 100% trusting to chance that you never get targeted.
-
Seriously. Look. Just look at it. This is the email Podesta was sent. You're probably thinking "wow how come Google algorithms didn't catch this email, it's right there asking for your password?". Because the letters aren't English to trick the filters. Hackers are smart. pic.twitter.com/6fDGvjsVD8
-
And then he landed on this page. Look!
* URL looks a lot like myaccount,google,com. You have to look close to see it's not.
* Prepopulated his account name + picture.
When. They. Come. You. Will. Fall. You put in 2FA countermeasures, or it's blind luck your emails aren't online pic.twitter.com/Xv0HJgof86
-
And it's not just a couple of emails. Your personal email is where "forgot my password" reset emails get sent. Once your home email account falls, all your online identities get pwned all in one fell swoop. Podesta didn't just lose his email in that hack https://twitter.com/pwnallthethings/status/786587027202375680 …
-
"But I'm not important enough to hack" Stop. Last year FBI prosecuted a guy who compromised 1000+ accounts, used that access to reset pwds to cloud accounts and searched for cloud-synced intimate pictures. You don't have to be "important" to be targeted. https://www.justice.gov/usao-sdny/pr/individual-who-compromised-over-1000-email-accounts-new-york-city-university-pleads …
-
Today's the day you should enable 2FA on your home account. Or if you use Gmail, their Advanced Account Protection. No day better than today to do it. Go do it now.
-
Ironically government officials and registered candidates are barred from Google’s Advanced Protection Kit pic.twitter.com/yg4WixBcQN
-
Maybe to comply with campaign donations regulation?
-
Exactly correct. Govt officials can and absolutely should enroll, we just can't give them free kits
-
I'm in the UK. I can't see anything about a free kit, Google just gives links to buy the keys on Amazon UK. The Feitian key is currently unavailable and gets poor reviews (only 38% 5* which I wouldn't normally buy).
-
Same here. I'm in the USA. In Florida at the moment and I see nothing about a free kit (links go to Amazon).
-
Why would any sane person trust Google at this point?
-
why not? we offer top notch security. we care a lot about privacy. if you don't want to see ads, you can use Gmail with your own domain aka Gsuites, $5/month https://gsuite.google.com/pricing.html
-
“Why not?”
It truly blows my mind when I see a technically knowledgeable person casually dismiss concerns about trusting US companies that have/are collaborating with illegal, mass surveillance. There is no trusting these companies ever again.
-
https://www.washingtonpost.com/news/wonk/wp/2013/06/12/heres-everything-we-know-about-prism-to-date/ …. Many colleagues of mine and I myself would have quit Google if there's any evidence that the company participated or is participating in any mass surveillance program. I'm from a communist country. I hate surveillance as much as you do
-
Google says: "Advanced Protection isn't available for G Suite accounts"
-
AFAIK, Advanced Protection really just means "require 2FA and allow only security keys". The GSuite admin can require all users to use 2FA and allow only security keys.
-
Alternatively, you can get the same effect for your account by turning on 2FA, registering some security keys, and disabling all other 2FA options. Well, you probably want to keep some backup passwords in a safe place, but definitely disable SMS.
-
That's incorrect. APP does other things besides security keys.
-
Interesting. What else does it do?
-
"To help protect you, Advanced Protection allows only Google apps and select third-party apps to access your emails and Drive files."
-
"To give you the strongest protection against this type of fraudulent account access, Advanced Protection adds extra steps to verify your identity during the account recovery process."