
October 7, 2024 11 mins
Today : E038-2024 Cyberium Podcast - Targeted Attack on Gmail and Microsoft - Hackers Bypass Two-Factor Authentication with Phishing Platforms by Raffaele DI MARZIO - https://technocratico.it/

PODCAST IN ENGLISH :  https://technocratico.it/cyberium-podcast/

In each episode, we dive into articles published on technocratico.it by Raffaele Di Marzio or explore his reflections brought to life through AI analysis and techniques, powered by Gemini Pro, which present in-depth discussions in English, explaining the topics in a simple and concise manner. Our mission is to reveal, in a straightforward yet precise way, how technology influences every aspect of our personal and professional lives. Whether you're a tech industry professional seeking expert insights or a curious listener wanting to understand how digital security impacts your daily life, Cyberium is your gateway to comprehending the holistic influence of technology, offering a unique perspective thanks to the integration of cutting-edge AI analysis. 


Tune in to gain valuable perspectives and stay ahead in the rapidly evolving tech landscape.

All reproduction rights are reserved by Cyberium Media Miami Productions and Technocratico.it

Content & Direction Creator : Raffaele DI MARZIO https://www.linkedin.com/in/raffaeledimarzio/

For inquiries, you can reach us at podcast@cyberium.media

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:02):
Welcome to Cyberium. Here, technology and cybersecurity are made simple
for everyone. Whether you're a tech geek or just curious
about the digital world, we've got you covered. Each episode,
we dive into the latest topics from technocratico.it
and break them down so you can stay informed and protected.

Speaker 2 (00:23):
This is a.

Speaker 1 (00:23):
Cyberium Media Miami production. Let's get into it.

Speaker 3 (00:48):
Hey everyone, and welcome back for another deep dive today.
It looks like we're diving into the world of Gmail
and Microsoft security, specifically some new phishing attacks.

Speaker 4 (01:00):
Yeah, we've got some really interesting articles for this one,
especially this piece from technocratico.it, okay, and it
really highlights how these attacks are getting around what we
all thought was like the holy grail of online security
two factor authentication.

Speaker 3 (01:15):
Yeah.

Speaker 2 (01:16):
It's almost ironic, isn't it.

Speaker 4 (01:17):
It is. We think we've got this fortress around our
accounts and then bam, someone's figured out how to like
sneak into the back window. It's got good analogy. So
let's unpack this a bit, because I think a lot
of us, myself included, thought 2FA was pretty much the
be all and end all, right, but clearly that's not
the case. So how are these attacks actually getting past
two factor authentication? Are we talking about like some crazy
code breaking here?

Speaker 3 (01:40):
Not really, No, it's actually a lot more about trickery
than brute force.

Speaker 2 (01:44):
Okay.

Speaker 3 (01:45):
It all starts with these super convincing phishing pages.

Speaker 2 (01:48):
Okay, and I'm not talking about the kind.

Speaker 3 (01:50):
Of generic enter your password here scams we've all seen before.
I mean, these are like seriously sophisticated fakes. They look
almost identical to the real login pages.

Speaker 4 (02:02):
So it's more than just getting a sketchy email with
a suspicious link. These attacks are almost like designed to
trick even the most cautious people.

Speaker 2 (02:11):
Absolutely, and that's what makes them so effective.

Speaker 4 (02:13):
So how does it work? Let's say I get one
of these phishing emails? Yeah, I click the link? What
am I going to see? How do they actually pull
this off?

Speaker 2 (02:20):
Okay?

Speaker 3 (02:21):
So you see an email that looks just like it's
from Google or Microsoft, subject line, everything looks legit, and
they tell you need to verify your account or something like.

Speaker 4 (02:28):
That, which is something we're all kind of conditioned to
do these days.

Speaker 2 (02:31):
Exactly.

Speaker 3 (02:31):
So you click the link and it takes you to
a login page.

Speaker 2 (02:34):
And here's the thing.

Speaker 3 (02:35):
It looks exactly like the real deal.

Speaker 4 (02:38):
Okay, So you could even be checking the URL making
sure it says like gmail dot com or whatever.

Speaker 2 (02:43):
You might even do that, and it seems right at
a glance.

Speaker 3 (02:45):
But here's the catch. You're not actually on the real website.
You've been directed to a fake site that the attackers controlled.

Speaker 4 (02:54):
It's like a it's like a digital funhouse kind of. Yeah, exactly,
mirrors everywhere.

Speaker 2 (02:59):
Yeah, you're being led down a very specific path.

Speaker 4 (03:01):
Okay, but even if they can trick me into landing
on their fake site, how are they getting past the
2FA? I mean, I still need that code from
my phone or my email to actually get into my account.

Speaker 2 (03:13):
Right, that's where the man-in-the-middle part comes in.

Speaker 4 (03:15):
In the middle what is that?

Speaker 3 (03:16):
So it's a technique also called MitM, and it's
it's basically like this. Imagine you're sending a postcard, okay,
but before it reaches your friends, someone intercepts it, reads it,
maybe even changes a few things, and then delivers it.

Speaker 4 (03:28):
Okay, So to your.

Speaker 3 (03:29):
Friend, everything seems normal, but they're actually getting a manipulated message.

Speaker 4 (03:33):
So this case, the attackers are like digital spies. They're
intercepting my communication with Gmail or Microsoft.

Speaker 2 (03:40):
Precisely.

Speaker 3 (03:41):
They set up a system that sits between you and
the real website. It acts as a kind of invisible middleman.

Speaker 4 (03:47):
Okay, so when I enter my username and password on
that convincing fake site, those credentials aren't actually going to
Google or Microsoft. They're going straight to the.

Speaker 3 (03:56):
Attackers, right. And here's the really clever part that system.

Speaker 2 (04:00):
The attackers have set up.

Speaker 3 (04:01):
It immediately relays your information to the real site in
real time.

Speaker 4 (04:05):
So while I'm sitting here waiting for that two factor
authentication code, thinking everything's fine and dandy, the attackers have
already used my info to try and log into.

Speaker 3 (04:14):
My real account exactly.

Speaker 4 (04:16):
And then I, like a sucker, I type in that
code from my phone or email, and.

Speaker 2 (04:19):
Bam and bam, They've got you.

Speaker 4 (04:21):
They're in.

Speaker 2 (04:22):
That's right.

Speaker 3 (04:23):
Your real account gets that code, thinks it's you and
lets them right in. Wow.

Speaker 4 (04:30):
That is It's like one of those moments in a
movie where you realize you walked into a trap. Right,
everything seems fine when you look around and realize something's
definitely off. It's unsettling, to say the least.

Speaker 3 (04:41):
It really highlights the importance of understanding these attacks, because
it's not just about being careless anymore. These attacks are
designed to fool even the most security conscious people.

Speaker 4 (04:52):
You mentioned a tool earlier that these attackers often use,
Evilginx, I think it was called. What is that exactly?
Is it like some kind of super secret hacker software?

Speaker 2 (05:02):
It sounds very dramatic, doesn't it? Evilginx? It does.

Speaker 3 (05:05):
It's essentially a toolkit that makes it easier to set
up these man-in-the-middle attacks.

Speaker 4 (05:10):
Okay, and is this something that, like, I don't know,
only the most elite hackers have access to, or is
this something that's out there?

Speaker 2 (05:17):
You might be surprised.

Speaker 3 (05:18):
It does require some technical know how, but it's not
exactly a state secret.

Speaker 2 (05:23):
It's well known in the cybersecurity world.

Speaker 4 (05:25):
Okay, So anyone with the right skills could potentially get
their hands on.

Speaker 2 (05:29):
This stuff potentially. Yeah, and here's the other thing about
Evilginx. It can also be used to steal something
called session cookies.

Speaker 4 (05:35):
Session cookies. Oh okay, now we're getting into like baking
metaphors or something, right.

Speaker 2 (05:40):
A little bit so session cookies.

Speaker 3 (05:41):
They're basically like little digital tokens that websites used to
remember that you're logged in so you don't have to
enter your password every single time.

Speaker 4 (05:49):
Right. We all love those exactly.

Speaker 3 (05:51):
They're super convenient, but they can also be exploited.

Speaker 4 (05:54):
Okay, So how did these session cookies play into these
phishing attacks?

Speaker 3 (05:59):
So say the attackers use Evilginx to snag your
session cookie along with your login credentials. Now they might
be able to access your account even without needing your
password in the future.

Speaker 4 (06:10):
Wait, so even if I realize I've been tricked and
I changed my password immediately, right, they might still be
able to get in because they've got this session cookie.

Speaker 3 (06:18):
It's a possibility, and it's one of the things that
makes these attacks particularly nasty.

Speaker 4 (06:22):
That is nasty. So where does this leave us with
two factor authentication?

Speaker 2 (06:26):
Then?

Speaker 4 (06:27):
Is it just completely useless?

Speaker 2 (06:28):
No, I wouldn't go that far.

Speaker 3 (06:30):
I mean, two factor authentication is still a really important
layer of security.

Speaker 4 (06:34):
Okay.

Speaker 3 (06:34):
In the vast majority of cases, it's going to stop
attacks in their tracks.

Speaker 4 (06:39):
It's like having a security guard at the door.

Speaker 2 (06:41):
Exactly.

Speaker 4 (06:42):
They might not catch every single person trying to sneak in,
but they're going to deter a lot of casual attempts, right.

Speaker 3 (06:48):
The problem with these particular attacks is that they're finding
ways to, let's say, circumvent the security guard.

Speaker 4 (06:57):
Right, They're finding a way to climb in through the
window or something exactly. So, if these guys are basically
teleporting past our digital security guards, what can we do
to actually protect ourselves? It feels like we need like
a whole new security system for our online lives.

Speaker 3 (07:11):
It's a good point, and the good news is those
new systems are starting to emerge. We've talked about two
factor authentication, but you might have also heard of things
like WebAuthn and FIDO2.

Speaker 4 (07:22):
I have heard those terms, yeah, but I'll be honest,
I'm not entirely sure I understand how they work. They
sound pretty.

Speaker 3 (07:29):
Technical, they are a bit technical under the hood, but
the concept is actually pretty simple. Imagine, instead of sending
a code to your phone that can be intercepted, you
have this unique key that only.

Speaker 2 (07:39):
Fits a specific lock.

Speaker 3 (07:41):
Okay, and with WebAuthn and FIDO2, that key
is a cryptographic key that's stored securely on your device,
and the lock is the website or service you're trying
to log into.

Speaker 4 (07:51):
So instead of sending a code that could be you know,
snatched out of the air, this key directly proves that
it's me logging in. No more man in the middle
shenanigans exactly.

Speaker 3 (08:00):
And because that key never actually leaves your device, it
makes it incredibly difficult for attackers to steal or duplicate.
Even if they manage to make a perfect copy of
the website you're trying to access, they can't fake having
that unique key.

Speaker 4 (08:13):
Okay, that makes sense. It sounds like a much needed
upgrade to our online security system. So are these things
WebAuthn and FIDO2, are they, are they widely
available yet?

Speaker 2 (08:24):
Like?

Speaker 4 (08:25):
Can I start using this stuff today to protect my
Gmail or Microsoft account?

Speaker 2 (08:28):
You're likely to see them more and more.

Speaker 3 (08:30):
A lot of major platforms and services are starting to
adopt WebAuthn and FIDO2, so keep an eye
out for those options in your security settings. But it's
important to remember technology is only one part of the solution.

Speaker 4 (08:42):
Right Because I mean, with the best security system in
the world, if I click on a phishing link and
I you know, I willingly hand over my information, then
it doesn't really matter how strong my digital locks are.

Speaker 2 (08:54):
You're absolutely right. User awareness is still paramount.

Speaker 3 (08:57):
I mean, we can have all the fancy tech in
the world, but if we're not paying attention and
we're not careful about the links we click on and
the information we give out, we're still vulnerable.

Speaker 4 (09:04):
So it's a two pronged approach, beefing up our tech
with things like WebAuthn, but also staying sharp about
potential phishing tactics. We have to be proactive, not reactive,
when it comes to our online security.

Speaker 3 (09:18):
I think that's a great takeaway, and it actually brings
up another really interesting point. AI Artificial intelligence is starting
to play a bigger and bigger role in cybersecurity, both
for better and for worse. On the defensive side, we've
got AI powered tools that can monitor for suspicious activity
and potentially even stop attacks before they reach us.

Speaker 4 (09:37):
So it's like having a super vigilant security guard that's
constantly watching over our online activity and looking for anything
that seems even slightly off exactly.

Speaker 3 (09:47):
AI can analyze huge amounts of data, looking for patterns
and anomalies that might indicate an attack, and it can
do it much faster and more effectively than any human
ever could.

Speaker 4 (09:56):
Okay, that's somewhat reassuring. We have to ask, if we're
using AI to bolster our defenses, aren't the attackers using
it too.

Speaker 3 (10:06):
It's a valid concern, and unfortunately the answer is yes.
AI is a tool, and like any tool, it can
be used for good or for evil. Right as AI
technology advances, we're going to see increasingly sophisticated phishing attacks,
things that are even harder to detect even for someone
who's really paying.

Speaker 4 (10:21):
Attention, like AI generated phishing emails that are so well
crafted they're almost indistinguishable from the real thing exactly.

Speaker 3 (10:29):
It's a bit of a scary thought, but it's the
reality we're facing.

Speaker 4 (10:32):
It feels like we're entering a whole new era of
online security, one where the lines between the real and
the fake are becoming increasingly blurred.

Speaker 3 (10:40):
It's true, and it's an important reminder that cybersecurity is
an ongoing process. It's not something we can just set
and forget.

Speaker 4 (10:47):
So to sum things up for our listener today. Two
factor authentication good but not foolproof, especially with these new
attacks targeting Gmail and Microsoft accounts. Staying informed, being wary
of phishing, considering more robust security like WebAuthn, all vital.

Speaker 3 (11:03):
Absolutely, and perhaps even more importantly, we need to be
aware of the evolving threat landscape. AI is changing the
game both for attackers and defenders.

Speaker 2 (11:12):
The more we know about.

Speaker 3 (11:13):
These technologies, the better equipped we'll be to protect ourselves.

Speaker 4 (11:16):
It's a lot to think about, but it's definitely better
to be informed than caught off guard. So for our
listener and for everyone else out there, stay informed, be cautious,
and maybe brush up on your AI knowledge. Who knows
you might be the one to develop the next big
cybersecurity breakthrough. Until next time, stay safe in the digital world.

Speaker 4 (11:46):
All reproduction rights are reserved by Cyberium Media Miami Production
and technocratico.it.

Speaker 3 (11:52):
For inquiries, you can reach us at podcast at cyberium
dot media.