Collaborate Disseminate
There is a malicious agent who is creating crude fake versions of my employer’s website. The real page is this and the copy is this one. Even if they made a really bad copy there are still people falling for it. And nothing p… Continue reading What can we do against fake pages spoofing our site? [migrated]
In an SMS conversation, my friend received a text message within our SMS thread that was clearly not sent from me, and that did not appear in my SMS thread. They took a screenshot and it is in Chinese characters.
Could this… Continue reading My personal phone sent a text message that I did not send
According to a new report, nearly 30% of all US calls placed in the first half of 2019 were garbage, as in, nuisance, scam or fraud calls. Continue reading Robocalls now flooding US phones with 200m calls per day
The company I work in as an intern is using CA spoofing.
When I check the certificate I have :
Issued to : security.stackexchange.com
Issued by : name of my company CA
So here I’m sure that this is CA spoofing.
It is th… Continue reading Company spoofing CAs, what are the privacy risks for the employees?
I sometimes use these features where I can use my Google account to sign in to different service providers. For example, the Postman app lets me sign in to it using either their own user store, or Google’s (I believe this uses the OAuth schema, but I could be wrong).
When I do this on a website, it’s pretty clear I am sending my Google credentials to Google, not to the site I’m trying to sign in to, as I can verify the URL in the browser. However, in native apps, I don’t see an easy way to check this. How do I know my credentials are being sent to Google, and not to Postman or some other site (by accident, or maliciously)?
See, for example, a screenshot of the Postman Google sign-in screen:
Note: I don’t think this is a duplicate of
How can an end-user verify the authenticity of a third-party authentication provider’s login form
That questions asks specifically about websites, I’m asking about native apps, where the accepted answer to that question does not apply. The answer does tough on that, but only to the extent that the user just needs to trust the native app. I am wondering if there is anything concrete I can do as a user to make sure the prompt is legitimate?
As security practices evolve, cybercriminals are finding new methods to carry out their attacks. Using highly personalized email attacks, carefully designed spear phishing attacks are being used to steal sensitive information such as login credentials… Continue reading Protecting Against Spear Phishing Attacks: A Guide
I’m doing some experimenting with Kali on my home network and was wondering about something regarding ARP spoofing.
When I ARP spoof another device AND the default gateway, Internet access stops working for said device. To get it working,… Continue reading Why does arp spoofing on a local network ‘break’ internet access for the victim?
With how rampant caller id spoofing is, I’m surprised no one has developed a method – some sort of external, voluntary verification service perhaps – that can be used to verify that the number on the caller id is legitimate.
… Continue reading Why are there no services that verify caller id authenticity? [on hold]
My fiancé has a drunkard, terrible ex. She sent me a screen shot of her phone saying he sent her a text but it’s not on his phone. He said he didn’t send it. The number at the top appears to be his in the screen shot. It is i… Continue reading Can the source of an SMS message be spoofed?
I am about to install some custom pi cameras that connect to my network via WiFi. I know people hack wifi through spoofing SSID.
My password is randomly generated and is impossible to brute force even without router protection and a supe… Continue reading WiFi security against spoofing attacks