hpr3719 :: HPR News

InfoSec; the language of security.

Hosted by Some Guy On The Internet on Thursday, 2022-11-03 is flagged as Clean and is released under a CC-BY-SA license.
Tags: InfoSec, Typosquatting, SFA, 2FA, MFA, Security. Comments: 1.
The show is available on the Internet Archive at: https://archive.org/details/hpr3719

Listen in ogg, spx, or mp3 format. Play now:

Duration: 00:09:54

Part of the series: general.

InfoSec; the language of security.

What is Typosquatting and How Do Scammers Use it?

Typosquatting, as an attack, uses modified or misspelled domain names to trick users into visiting fraudulent websites; the heart of this attack is domain name registration. Typosquatting is deployed by scammers to defraud unaware users. Attackers will attempt to: mimic login pages, redirect traffic, download malware, and extort users.
Past Known Typosquatting Attacks.
Solutions to Typosquatting.
DNS monitoring services.
- Link to dnstwister: https://dnstwister.report/
- Link to whois: https://www.whois.com/whois
Password Managers.
- Link to bitwarden: https://bitwarden.com/
- Link to keepassxc: https://keepassxc.org/

Two-factor and Multifactor Authentication.

First, authentication. This is the process of verifying the validity of something; in our case, user credentials/identity. The most common way to authenticate is: USERNAME and PASSWORD. This is just a single layer (single-factor authentication) and isn’t enough to discourage attackers.
Second, 2FA (Two-factor Authentication). 2FA increases the difficulty for attackers by providing users an additional layer of security to accomplish authentication. Common 2FA methods are: TOTP/OTP (the One Time Password), Authenticator Applications (Bitwarden, KeePassXC,...), and Security Keys (Yubikey). This works similar to ATMs; to authenticate the user must provide both knowledge (account PIN) and a physical object (bank card).
Last, but not least, MFA (Multifactor Authentication). Similar to 2FA, MFA offers users security with the addition of biometrics (fingerprint scan, retina scan, facial recognition, and voice recognition). Attackers must overcome the knowledge factor, Possession factor, Inherence/Biometric factor, Time factor, and sometimes Location factor.
MORE helpful security information.
- FIDO Alliance Specifications.
- Field Guide to Two-Step Login.
2FA/MFA Known Attacks.
- Bots That Steal Your 2FA Codes.
- hackers are cracking two-factor authentication

Show Transcript

Automatically generated using whisper

whisper --model tiny --language en hpr3719.wav

You can save these subtitle files to the same location as the HPR Episode, and they will automatically show in players like mpv, vlc. Some players allow you to specify the subtitle file location.

<< First, < Previous, Next >, Latest >>

Comments

Comment #1 posted on 2022-11-04 16:28:42 by mike M.

Another form of typosquatting

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Your Name/Handle:
Title:
Comment:
Anti Spam Question:	What does the letter P in HPR stand for?
Are you a spammer?	Yes No
Who is the host of this show?
What does HPR mean to you?

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at Fri, 20 Dec 2024 00:02:44 +0000

hpr3719 :: HPR News

InfoSec; the language of security.

Part of the series: general.

InfoSec; the language of security.

What is Typosquatting and How Do Scammers Use it?

Two-factor and Multifactor Authentication.

Comments

Comment #1 posted on 2022-11-04 16:28:42 by mike M.

Another form of typosquatting

Leave Comment