-
Just watched an author do a presentation on this paper and... **HOLY SH*T Banks are using *fingerprinting* for *authentication* and it works *fkin terribly*.** usenix.org/system/files/sec22fall_lin-xu.pdf
-
And it looks like phishing sites could just get you to visit, pull your browser fingerprint and use it to *log in to your bank*. Nightmare stuff from fingerprinting companies who have oversold the quality of their services for YEARS for ad targeting and now have oversold real bad.
-
I didn't think I needed to say this but, if you are a web developer don't fkin use fingerprinting as part of your login process if you have literally any systems that are sensitive for the user.
-
Browser Fingerprinting is NOT a viable user identification process for anything, much less for sensitive user accounts like a *bank*.
-
I have watched a lot of horror films but never have I been more riveted in suspense than in this presentation when I heard that banks are using browser fingerprinting nor more transfixed in horror than when I heard that they don't have good security on top of that.
-
I really did not think *banks* was where that presentation was going to go.
-
Here's the paper's summary - usenix.org/conference/usenixsecurity22/presentation/lin-xu
-
(Totally tangential but, now that the adrenaline has burned off, what an amazing title for a paper lol: "Phish in Sheep's Clothing")