>Go on website
>Arbitrary code runs and executes malicious code
>Steals Google login credentials/cookies
>Person uses them to login to your Google account
>They lock your Android phone remotely with your Google account and can also track your position
>You can't remove the Google account from your device unless you know the password
>They changed the password
>They cannot login from a new device because you have the 2FA device
>You cannot login to your account because you don't know the password but now your device with 2FA on it is locked remotely via your Google account
Why did nobody consider this a flaw?
Additionally;
Hijack email account, setup POP3 client for the email account > Have access to their emails indefinitely regardless if they change their password or enable 2FA
Yeah let me just pull a browser 0day arbitrary code execution flaw out of my ass
Idiot
>>62209118
They are incredibly common granted the victim isn't suppressing scripts which by the way 99% of users who run adblocker don't run any script restrictions. DNS poisoning is relatively easy, enough to redirect thousands if not potentially millions of users from a popular site to a malicious one.
>>62209150
>They are incredibly common
Why don't you show me one then?
I'll wait.
>>62209167
if you did anything more than shitposting on /g/ you'd know, newfriend.
>>62209187
If you know of one, why are you posting nazi frogs on a korean flipbook imageboard instead of becoming a master hacker who steals everyone's passwords?
>>62209210
>korean flipbook imageboard
russian homosexual imageboard actually
>Google login does not come from a known location
>Stops the login in process and asks for a special code delivered through a phone
>They don't have the phone and cannot enter in any code
>They don't get in
I don't see the issue
>>62209015
>what is two step verification
>>62209249
copy your browser cookies and saved credentials, put it onto a new device on a different network then go onto your account. it all works fine. the "known location" is a cookie saved in the browser
>>62209263
2FA is useless if the attacker gets your browser credentials/login cookies which is where the "known location" is saved. Steam accounts are hijacked like this. Person just needs to get their steam authentication file from their steam folder and the rest is all gravy.
i'm saddened how much newfags exist on /g/
>>62209249
>Steals cookies
>>62209279
>he doesn't autodelete his cookies after closing browser
>>62209297
good luck getting into my house to my computer so you can copy my cockies without getting shot
>Person logins to your Google account
>you have 2FA
>>62209307
What will that achieve? Do you think "deleting" your cookies makes those cookies void if someone else had obtained them prior to you closing your browser? Do you also dban your hard drive after you close your browser because if not then the files are not deleted.
>>62209322
2FA only works if the attacker doesn't have your cookies/credentials from your browser.
>>62209326
you don't have access to my browser in the first place, not to mention I never log into google from browsers but only use GMail app on my phone, good luck stealing that
>>62209015
>Want to look like a hackerman to my peers in school
>decide to 'hack' a girls facebook account
>find her email on her facebook account
>try to login in
>click forget password
>find answer to security question on her facebook account (the name of her best friend)
>reset email password
>click 'forget password' on facebook
>use her email to to reset her fb password
>post stupid shit on her profile while her dumb friends send messages saying the cyber police will get me
>decide to be nice and give her email and account back, tell her to reset her email password and security question
>she writes a long post threatening and insulting whoever 'hacked' her account
>I check her email
>she didn't reset her security question
>proceed to take her accounts a second time and make posts gloating about it
Everyone was talking about it the next day at school
>>62209397
also
>mothers maiden name
>parents birth place
>first school you attended
>where you graduated
>pet name
all of it's listed on their profile
>>62209349
Okay, but he still would fail at the "changing your password" step and thus wouldnt accomplish anything
>>62209397
sometimes i wonder if i could get got like this.
don't want to be exposed though, so good i don't attract attention