InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
AI Subscribe Login/Register account icon
S&P 500
5,745.37
(
0.40%
)
US TECH 100
19,584.40
(
0.78%
)
Dow Jones
42,175.11
(
0.62%
)
Brent Oil
70.81
(
-3.26%
)
Bitcoin
64,885.28
(
2.77%
)
Post# of 249593
Next 10
Reply Private New
Public Reply Private Reply New Post
Keep Last Read
Keep Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Genz2

Send PM Follow Ignore
Followers 5
Posts 3020
Boards Moderated 0
Alias Born 09/06/2006

Genz2

Re: None

Tuesday, 07/07/2020 9:27:54 PM

Tuesday, July 07, 2020 9:27:54 PM

Post# of 249593
FBI Director Wray warns of Chinese hacking, espionage threats against American companies

https://thehill.com/policy/cybersecurity/506250-fbi-director-wray-warns-of-chinese-hacking-espionage-threats-against
==================================================================
Chinese Hackers Bypassing Two-Factor Authentication

https://securityboulevard.com/2019/12/chinese-hackers-bypassing-two-factor-authentication/

Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system.

?How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.

?Normally, this wouldn’t be possible. To use one of these software tokens, the user would need to connect a physical (hardware) device to their computer. The device and the software token would then generate a valid 2FA code. If the device was missing, the RSA SecureID software would generate an error.

?The Fox-IT team explains how hackers might have gone around this issue:

?The software token is generated for a specific system, but of course this system specific value could easily be retrieved by the actor when having access to the system of the victim.

?As it turns out, the actor does not actually need to go through the trouble of obtaining the victim’s system specific value, because this specific value is only checked when importing the SecurID Token Seed, and has no relation to the seed used to generate actual 2-factor tokens. This means the actor can actually simply patch the check which verifies if the imported soft token was generated for this system, and does not need to bother with stealing the system specific value at all.

?In short, all the actor has to do to make use of the 2 factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.
=================================================================
After reading these two articles, Wave VSC 2.0 is the 2 factor authentication (2FA) solution that could save thousands of companies from the nefarious activities of the Chinese and other countries!!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/

https://www.wavesys.com/contact-information











Public Reply Private Reply New Post
Keep Last Read
Keep Last Read Next 10 Report Keyboard Shortcuts
Next 10 Prev Next
Join InvestorsHub

Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.

Sign Up