Users are then asked to use either their email or mobile number on their laptop or smartphone to receive a 7-digit security code in order to update their password. "Here, if we can brute-force all the combination of 7 digit code (that will be 10^7 = 10 million codes), we will be able to reset any user’s password without permission," Muthiyah said. However, Microsoft has a rate limit, meaning hackers only have a limited number of attempts to get the correct security code before being locked out indefinitely. Eventually, the researcher discovered that sending the codes simultaneously let him send a very large number of them at once. These needed to be sent at exactly the same time, not even a few milliseconds apart, otherwise the IP address he used would be blacklisted. The researcher sent out 1,000 codes, but only 122 registered before the rest were invalid.
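The article does not say how Microsoft's limiter was built. As an added illustration (not code from Microsoft or the researcher), the sketch below shows one common way an attempt limit lets a simultaneous burst through, a counter that is read and written in separate steps, next to a version that checks and increments under one lock. The class names, the limit of 5 and the sample code are constructed for the example.

```python
import threading

MAX_ATTEMPTS = 5        # constructed limit; the article does not give the real one
REAL_CODE = "9999999"   # constructed 7-digit code for the demo

class RacyLimiter:
    """Check-then-act: the counter is read, then written back later."""
    def __init__(self):
        self.attempts = 0

    def try_code(self, guess, gate):
        seen = self.attempts          # every request reads the old value...
        gate.wait()                   # ...because all arrive in the same instant
        if seen >= MAX_ATTEMPTS:
            return "locked"
        self.attempts = seen + 1      # lost update: all write back the same number
        return "ok" if guess == REAL_CODE else "wrong"

class AtomicLimiter:
    """Check and increment happen as one step under a lock."""
    def __init__(self):
        self.attempts = 0
        self.lock = threading.Lock()

    def try_code(self, guess, gate):
        gate.wait()
        with self.lock:
            if self.attempts >= MAX_ATTEMPTS:
                return "locked"
            self.attempts += 1
        return "ok" if guess == REAL_CODE else "wrong"

def burst(limiter, n=50):
    """Submit n guesses at once; return how many were actually evaluated."""
    gate = threading.Barrier(n)       # releases all n requests together
    results = []
    def worker(i):
        results.append(limiter.try_code(f"{i:07d}", gate))
    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(r != "locked" for r in results)

if __name__ == "__main__":
    print("racy limiter evaluated:  ", burst(RacyLimiter()))
    print("atomic limiter evaluated:", burst(AtomicLimiter()))
```

In a real service the same property comes from an atomic increment in the shared store that holds the counter, so that concurrent requests for one account cannot all observe the pre-burst value.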