OAuth Fishing: A Social Engineering Campaign

This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova.

Links from the episode:

Remote Code Execution Vulnerability in Google They Are Not Willing To Fix

giraffesecurity.dev/posts/google-remote-code-execution/

'GhostToken' Opens Google Accounts to Permanent Infection

darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection

Hacker Group Names Are Now Absurdly Out of Control

wired.com/story/hacker-naming-schemes-spandex-tempest/amp

How Long It Would Take A Hacker To Brute Force Your Password In 2023

hivesystems.io/blog/are-your-passwords-in-the-green

Support this episode's sponsors:

DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20 

BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month

--

For more information on Chris and his current work visit naxo.com

Follow Hector @hxmonsegur