重設密碼 + Social Engineering

在「The password reset MitM attack」這邊看到 PRMitM (Password Reset Man-in-the-Middle) 這樣的攻擊,原始論文在「The Password Reset MitM Attack」這邊可以取得。

用圖說明基本版的攻擊方式:

另外列出了各大站台的狀態:

以及各家簡訊的文字,可以發現不是每一家都有把產品的名稱寫上去:

這方法好有趣啊... XD

This entry was posted in Computer, Murmuring, Network, Security, Service, WWW and tagged , , , , , , , , , , , . Bookmark the permalink.

One Response to 重設密碼 + Social Engineering

  1. Dennis says:

    Security questions are worst kind of security

Leave a Reply

Your email address will not be published. Required fields are marked *