[et_pb_section fb_built=”1″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
I\u2019m frequently stunned when talking to friends and colleagues that these threats are abstract and academic.<\/p>\n
<\/p>\n
They either want to steal your data, and blackmail you into paying them, on the off-chance that you would trust someone that is fundamentally untrustworthy, or they want to use your data as a pathway to attack someone else.<\/p>\n
The threat today is called \u201cBITB\u201d and that stands for \u201cBrowser in the Browser\u201d. That isn\u2019t as double-dutch as it sounds.<\/p>\n
What\u2019s happened is that we have become used to tools that ask us to login using our credentials from something else.<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”3_5″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n
You\u2019ve seen boxes like these before: (thanks LinkedIn & TripAdvisor!) I\u2019m sure these are both perfectly secure, and the idea of logging in using trusted credentials from something like Google or Facebook makes perfect sense because it is less to remember, and it is better than having a simple password that you repeat across loads of sites.<\/p>\n
It is called SSO (Single Sign-On) and it\u2019s a huge help for most of us. In fact, these are so common that developers share their code with each other so they don\u2019t all have to reinvent the wheel and write the same modules.<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”2_5″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2022\/04\/SSOLogins.png” title_text=”SSOLogins” align_tablet=”center” align_phone=”center” align_last_edited=”on|desktop” _builder_version=”4.16.1″ _module_preset=”default” transform_scale=”104%|104%” transform_scale_tablet=”104%|104%” transform_scale_phone=”104%|104%” transform_scale_last_edited=”on|desktop” transform_translate=”7px|26px” transform_translate_tablet=”7px|26px” transform_translate_phone=”7px|26px” transform_translate_last_edited=”on|tablet” transform_translate_linked=”off” transform_rotate_tablet=”” transform_rotate_phone=”” transform_rotate_last_edited=”on|desktop” transform_skew_tablet=”” transform_skew_phone=”” transform_skew_last_edited=”on|desktop” transform_origin_tablet=”” transform_origin_phone=”” transform_origin_last_edited=”on|desktop” transform_styles_last_edited=”on|tablet” transform_styles_tablet=”” transform_styles_phone=”” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.16.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” theme_builder_area=”post_content” sticky_enabled=”0″]Unfortunately, the forces of darkness, the hackers, are starting to take advantage of our familiarity with these kinds of screens and they are creating fraudulent log in screens, even faking the URL. We haven\u2019t seen an example ourselves so the attached image is borrowed from TechRepublic<\/a>. You can see a distantly Eastern European flavour in this image, reflecting comments we\u2019ve made in earlier posts.<\/p>\n The hackers still have to compromise a website and add their malicious code to it, then wait for you to happily login and enter your details. Alternatively, they will lure you to a fake website with a fake login screen that you will grant access to with your Google\/Facebook etc credentials.[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2022\/04\/BITB.jpg” title_text=”BITB” _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.16.1″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" Every day, there is a new cyber-threat to watch out for, and to warn friends and colleagues about. I\u2019m frequently stunned when talking to friends and colleagues that these threats are abstract and academic. For the sake of absolute clarity, these cyber risks are real and face us every day. Even small kiwi businesses […]<\/p>\n","protected":false},"author":5,"featured_media":9336,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-9335","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/9335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9335"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/9335\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Your first lines of cyber defence:<\/h2>\n
\n