Tag Archives: trojan


算是為什麼企業要提供 Full Routing VPN 的一個攻擊管道的說明... 這篇介紹了在飯店裡透過 WiFi 攻擊企業的高階主管,想辦法塞木馬取得資訊,或是滲透進企業內部的網路:「Hackers are using hotel Wi-Fi to spy on guests, steal data」。 Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in … Continue reading

Posted in Computer, Murmuring, Network, Security, VPN|Tagged , , , , , , , , , , |Leave a comment


看到「AVG finds 11 year-old creating malware to steal game passwords」這篇裡面的說明: The company said it had recently reverse-engineered one piece of malware that turned out to be the handiwork of an 11 year-old Canadian boy intent on stealing passwords used to … Continue reading

Posted in Computer, Game, Murmuring, Network, Recreation, Security, Software|Tagged , , |1 Comment

為什麼有了 Google Authenticator 還要使用實體的 Two-Factor Token?

如標題的問題,因為 token 可以將 secret key 實體隔離開。 可以讀看看最近這篇報導:「Zitmo Trojan Variant Eurograbber Beats Two-Factor Authentication to Steal Millions」,其中這段: To date, the researchers said, Eurograbber has infected more than 30,000 users and stolen an estimated 36 million Euros. 對於開發木馬的人,銀行服務算是「經濟效益」最高的「投資」... 用簡訊也有類似的問題,實體的 OTP 算是目前最能抵抗這類攻擊的方式了...

Posted in Computer, Hardware, Murmuring, Security, Software|Tagged , , , , , , |Leave a comment