Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Jul 05, 2023

today's howtos

Audiocasts/Shows: MakuluLinux, Destination Linux, mintCast

Extracting TOTP keys from a proprietary Android 2FA app

↺ Extracting TOTP keys from a proprietary Android 2FA app

> This is an analysis of an early 2010s proprietary Android-based two-factor authentication (2FA) application for a particular cloud service provider – à la Okta, or Microsoft Authenticator. This particular cloud service has been publicly criticised for not supporting industry standard 2FA algorithms such as time-based one-time password (TOTP).

> Interestingly, many such proprietary 2FA applications internally use TOTP; for example, Okta. In such cases, extracting the TOTP shared secret key enables 2FA tokens to be generated from standard TOTP software. This 2FA application turned out to be no exception.

↺ Okta

↺ Okta

Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack [Ed: It's probably Microsoft Windows]

↺ Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack

> Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack.

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

↺ Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

> An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks.

Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks

↺ Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks

> Ransomware gangs are targeting schools, stealing confidential documents and then dumping them online.

gemini.tuxmachines.org