• 5 Posts
  • 457 Comments
Joined 2 years ago
cake
Cake day: June 19th, 2023

help-circle





  • You can probably get the URL for a companies SharePoint pretty easily, but you need a login. You are able to get a PAs credentials through a phishing link etc but need the 2fa code.

    You do the IT phishing attack (enter this code for me to fix your laptop being slow…), get them to enter the code and now you have access to a SharePoint instance full of confidential docs etc.

    I’m not saying it’s a great attack vector, but it’s not that different to a standard phishing attack.

    You could attack anything that’s using the single sign on. Attack their build infrastructure and you now have a supply chain attack against all of their customers etc.

    It helps but its not enough to counter the limits of human gullibility.





  • Nighed@sffa.communitytoAsklemmy@lemmy.mlCan I refuse MS Authenticator?
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    7 months ago

    Bad actor goes to super secret page while working on ‘fixing’ and issue for the user. They then get the 2 digit request code and ask the user to input it to ‘resolve’ the issue.

    Mostly the same as any other 2fa social engineering attack I guess, but the users phone does display what the code is for on the screen which could help… But if your falling for it probably not.





  • Nighed@sffa.communitytoAsklemmy@lemmy.mlCan I refuse MS Authenticator?
    link
    fedilink
    English
    arrow-up
    33
    arrow-down
    4
    ·
    7 months ago

    The ms authenticator works in ‘reverse’ in that you type the code on the screen into the phone. I assume this is preferable to corporate as you can’t be social engineered into giving out a 2fa token. It also has a “no this wasn’t me” button to allow you to (I assume) notify IT if you are getting requests that are not you.

    I don’t believe that the authenticator app gives them access to anything on your phone? (Happy to learn here) And I think android lets you make some kind of business partition if you feel the need to?





  • I would split digital privacy from the foss and Linux discussions. They attract the same people, but are fundamentally different topics.

    It also means you could get deeper into the digital privacy topic which is more useful to most people.

    For the digital privacy one, ask for a volunteer (or do you!) ahead of time and get them to do GDPR requests for apple, Google, Microsoft, Meta etc. sanitizer anything they want to hide, but do a demo of what big tech actually knows about them.

    Then go though how to prevent that and have a discussion on the pros and cons of that data collection. (Eg I don’t care about Google data tracking as I find the Google location history really useful)


  • It’s been a while since my politics A level, so I may get some of the terms wrong but hopefully the facts right.

    As the UK doesn’t have a formal constitution, it relies on convention and that parliament is effectively all powerful (under the crown) in that if parliament (encompassing both houses in this context) votes for something it can do it. (As it represents the will of the people and has the authority of the crown (less relevant in the modern day))

    Parliament can’t therefore lock a decision in such a way that a future parliament can’t change because the future parliament is still all powerful.

    In practice though this isn’t entirely the case. You can make a law like you said, and while a future parliament can break it, it would (probably) look bad on them. But what does that do to stop politicians?


    A further note on the previous chain - we go have two houses of parliament; the house of commons is the main one with the green benches that most will recognise. It has our elected representatives (MPs) in and (normally) where the PM is selected from.

    The house of lords (red benches, appointed members for life) is generally considered the check chamber. It used to be able to block laws entirely, but I believe lost that power semi recently and it can now be overruled by the commons after 2/3 rejections.


  • Everything is eventually decided by the majority of votes in the house of commons. Even if you put a law in saying that the pm can’t do this without a 80% vote, that law itself could be repealed with a 50% vote.

    Theoretically it would only require a 50% vote to remove elections or something crazy. (Although in practice that might not get past the king who technically has the final say)

    There is no formal constitution that has more protection like in some countries.