If I have to pick just one, the dumbest thing Hacker News believes about security is that phishing is a simplistic attack that only unsophisticated users fall for.
-
You visit phishsite.php, you're already convinced it's your bank, so you enter your password. That php script submits creds (that is obviously possible in under 2 minutes), and then asks for OTP - you're already convinced it's the bank, so you enter it. Where is the bar?
-
oh, you're assuming there is fakebankpage.php server code that is attempting realbankpage.html passthrough login at the actual time of form submission? Possible, unless the login form is captcha'ed