Security - list of most popular online security attacks and protection against cyber attacks (apps, websites, phone)
NOTE: this is a blog post; please do not edit it. Thank you.
This post is about online security attacks.
It is partly in English and partly in Polish.
Articles
2FA - Two-factor authentication
Abbreviations:
- MFA - Multi-factor authentication
- 2FA - Two-factor authentication
- FIDO - Fast IDentity Online
- OTP - One-time password
- TOTP - Time-based One-time Password
- HOTP - HMAC-based One-Time Password
- HMAC - Hash-based Message Authentication Code
Articles:
- MFA - Multi-factor authentication
- What Is Two-Factor Authentication (2FA)?
- Time-based One-time Password (TOTP)
- One-time password (OTP)
- HMAC-based One-Time Password
- FIDO2 Project
- FIDO Alliance
Posts:
Apps:
Hardware authentication devices
- YubiKey
- Google Titan Security Key
- Yubikey vs Google Titan Security Key
- Inside Yubikey 5 Neo
- Inside Google Titan/Feitian Key
YubiKey
- You Should Be Using Yubikeys!
- How to secure your GMAIL account like a pro | YubiKey Tutorial
- Lockdown Your Accounts! Best 2FA or MFA FIDO U2F Security Keys
- Jak używać YubiKey? Co to jest 2FA/U2F/FIDO2?
- Yubikey 5C NFC Review! // The BEST Hardware Security Key?!
- [Explained] Yubikey 5.0 - How to use a Yubikey & LastPass to Secure all your online Accounts!
Google Titan Security Key
Password managers
Apps:
KeePass
- unofficial mirror of the official KeePass2.x source code
- keepass website
- KeePassX - KeePassX started as a Linux port of KeePass
Hacking passwords
Hackers
Articles
Security conference
Antivirus
Attacks
SIM swapping
- SIM swap scam (SIM swapping)
- In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked via this method - source
- Jak działa kradzież karty SIM? Co to jest SIM swap?
- SIM Card Swapping Scams | NBC 6
- Digital Defense: How to Protect Against SIM Card Hijacking (08/23/18)
- Sim fraud: how scammers can steal your Sim card and hack your bank accounts - Which?
Story of Ross - lost a million dollars
SIM Card Swapping Scams | NBC 6
Cell phone suddenly shows no service. "I freaked out." One minute, robbed Ross's investment accounts added up to a million dollars; the next, zero. "I was devastated. I mean, I don't have it, was about 90% of my net worth." Ross worked at Apple in the early days. He started saving 30 years ago, but in a matter of minutes hackers recently stole his retirement.
Top vulnerabilities (2012)
According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:
- 37% Cross-site scripting
- 16% SQL injection
- 5% Path disclosure
- 5% Denial-of-service attack
- 4% Arbitrary code execution
- 4% Memory corruption
- 4% Cross-site request forgery
- 3% Data breach (information disclosure)
- 3% Arbitrary file inclusion
- 2% Local file inclusion
- 1% Remote file inclusion
- 1% Buffer overflow
- 15% Other, including code injection (PHP/JavaScript), etc.
Source: Web application security
OWASP Top 10 web application security risks (2017)
According to the OWASP Top 10 - 2017, the ten most critical web application security risks include:
- Injection
- Broken authentication
- Sensitive data exposure
- XML external entities (XXE)
- Broken access control
- Security misconfiguration
- Cross-site scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
Source: Web application security