Against a less tech-savvy user, perhaps it might even work. Even if there were, the attacker could just use a proxy to change their IP address, log in with the same password again, and even employ the same futile lockout method on the original owner. Mega isn't responsible for the security of its users' PCs, or their behaviour on any unsavoury websites.Īnd if an account is compromised, what then? Attackers could have a laugh, uploading pornography randomly into users' documents be downright malicious and delete all of their files in an instant or, possibly worse, download them all to snoop through.Ī vigilant user might discover that their account is being accessed from another browser at another IP address, but there are no options to disconnect the user and ban that address. In the event of a phishing campaign or malware that specifically targets the farming of users' Mega passwords, users don't have any options available to them to improve their security. In Mega's case, this would be impossible. The incident did not involve the bank's own infrastructure - its systems were never breached - but the only advice it could really give its customers was for them to change their passwords. An example of this is the recent case of a New Zealand bank that claimed its site was being cloned for another payment processor's site. Previous security incidents have left organisations urging their users to reset their passwords, even when the targeted organisation was not affected. But, more importantly, this approach to security highlights something that is more important than the strength of keys and passwords: the ability to revoke and issue new ones.
0 kommentar(er)
