In this way, the smarter hackers to access the user's Google account login verification code-hackers, code-IT information

IT information news June 12 message, now user login Google account except to entered right of password, while also to entered Google to user sent of validation code, this validation mechanism is double factors certification, actually except Google, currently many website account are used has such of validation mechanism, through password and validation code of double certification, can better to help user protection account information, improve security. Now, there has been a case, hackers managed to bypass Google's two-factor authentication, and landed the account of others.

This happened to Clearbit.com's co-founder Alex MacCaw on. For hacker,, first, need get other account of password, and password of gets can through "hit library", way repeatedly validation get, as validation code, on compared difficult has, the hacker is such do of: he posing as has Google to Alex MacCaw sent has a article account was others Telnet of information, said to lock Alex MacCaw of account, and requirements Alex MacCaw in SMS following reply received of validation code. Alex MacCaw take it for granted that this is Google's information, we will reply in the following code, when in fact, this CAPTCHA is back to the hacker.

Alex MacCaw received message is something like this: "our recent notes from the IP address 136.91.38.203 (Vacaville, California) attempts to log on to jschnei4@gmail.com accounts of suspicious behavior. If you are not already at the above address, logged in, it will temporarily lock your account. Please reply to the six-digit verification code you received, if you confirm the identify the landing, you can ignore this warning. ”

Of course, the implementation of the fraud means provided that you have access to each other's passwords. For a user, if you receive a message similar to this, and you want to be sure before we make a decision.

就这样，黑客聪明地获得了用户谷歌账号登录验证码 - 黑客,验证码 - IT资讯

IT资讯讯 6月12日消息，现在用户登录谷歌账户除了要输入正确的密码，同时也要输入谷歌向用户发送的验证码，这种验证机制就是双因素认证，其实除了谷歌，目前很多网站账户都采用了这样的验证机制，通过密码和验证码的双重认证，可以更好地帮用户保护账户信息，提高安全性。而现在，出现了一则案例，有黑客成功绕过了谷歌的双因素认证，登陆了别人的账号。

这个案例发生在Clearbit.com的联合创始人Alex MacCaw身上。对于黑客而言，首先，需要获得对方账户的密码，而密码的获取可以通过“撞库”等方式反复验证获得，至于验证码，就比较难了，这位黑客是这样做的：他冒充了谷歌向Alex MacCaw发送了一条账户被他人远程登录的信息，表示要锁定Alex MacCaw的账号，并要求Alex MacCaw在短信下面回复收到的验证码。而Alex MacCaw理所当然的认为这是谷歌发送的信息，便会在下面回复验证码，而事实上，这条验证码是回复给了黑客。

Alex MacCaw收到的短信是类似这样的：“我们近期注意到来自IP地址136.91.38.203（加州瓦卡维尔）尝试登录jschnei4@gmail.com账号的可疑行为。如果你并未在上述地址进行过登陆，将会暂时锁定你的账号。请回复你接收到的六位验证码，如果你确认识别这次登陆，请忽略这个警告。”

当然，实行这个诈骗手段的前提是已经获得而来对方的密码。而对于用户而言，如果收到了类似这样的短信，还是要确认清楚之后再做决定。