|
https://twitter.com/sachee/status/1592308273071681536
|
#
?
Nov 15, 2022 02:02
|
|
|
|
| # ? Apr 19, 2024 10:05 |
|
|
i used to play bass for a band called tunnels in miami it was supposed to be ironic
|
|
#
?
Nov 15, 2022 02:21
|
|
|
rip but i'm sure she'll be okay at the next gig.
|
|
#
?
Nov 15, 2022 02:47
|
|
|
Volmarias posted:Boo this man Shame Boy posted:oh i just got it  Also in retrospect paying 44 billion to destroy one of the premier communication networks in the world today is actually pretty cheap, huh.
|
|
#
?
Nov 15, 2022 07:51
|
|
|
oh that's nice.
|
|
#
?
Nov 15, 2022 22:39
|
|
|
and the tunnels were his second idea, after he couldn't figure out how to make on ramps for a highway with many, many levels
|
|
#
?
Nov 15, 2022 22:54
|
|
|
duz posted:and the tunnels were his second idea, after he couldn't figure out how to make on ramps for a highway with many, many levels He shoulda played some satisfactory
|
|
#
?
Nov 16, 2022 18:37
|
|
|
every time i think i understand dmarc, i guess i dont 
|
|
#
?
Nov 16, 2022 18:38
|
|
|
duz posted:and the tunnels were his second idea, after he couldn't figure out how to make on ramps for a highway with many, many levels idea: an ultra-futuristic vacuum transport pod that travels at Mach 1 reality: a tunnel that cars drive through one at a time poorly
|
|
#
?
Nov 16, 2022 19:07
|
|
|
https://www.bankinfosecurity.com/twitter-second-factor-authentication-has-vulnerability-a-20475quote:A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting "STOP" to the Twitter verification service results in the service turning off SMS two-factor authentication. lol, lmao even
|
|
#
?
Nov 16, 2022 23:09
|
|
|
hear me out... maybe sms-based 2FA is not good?
|
|
#
?
Nov 16, 2022 23:14
|
|
|
SMS in general is bad and should be discontinued
|
|
#
?
Nov 16, 2022 23:47
|
|
|
Babies Getting Rabies posted:https://www.bankinfosecurity.com/twitter-second-factor-authentication-has-vulnerability-a-20475 honestly this is a pretty good way to handle this. Carriers are gonna ban you from sending SMS if you dont respect stop/opt out requests from a recipient even if they signed up to receive the messages. its surprising they've actually accounted for it and disable SMS MFA rather than leaving it enabled and having the SMS messages go nowhere, effectively locking you out of the account. of course it would be better to not use SMS but this isnt the worst thing since they actually considered the use case.
|
|
#
?
Nov 16, 2022 23:54
|
|
|
Shaggar posted:honestly this is a pretty good way to handle this. Carriers are gonna ban you from sending SMS if you dont respect stop/opt out requests from a recipient even if they signed up to receive the messages. its surprising they've actually accounted for it and disable SMS MFA rather than leaving it enabled and having the SMS messages go nowhere, effectively locking you out of the account. This is basically like letting people disable 2fa simply by sending an email claiming to be from that person's address
|
|
#
?
Nov 17, 2022 00:00
|
|
|
Is that really a thing? Surely there's verification they actually sent the message on their end, so you'd have to request it by knowing their password and so then it's not functionally different than logging in with a 2fa code and removing 2fa from settings normally and the "SMS is not 2fa" battle was lost years ago when every single bank and CC company switched over to use it Bhodi fucked around with this message at 00:08 on Nov 17, 2022 |
|
#
?
Nov 17, 2022 00:04
|
|
|
quote is not edit
|
|
#
?
Nov 17, 2022 00:05
|
|
|
mystes posted:The problem is it's much, much easier to spoof caller id for a number you don't own than to receive messages on that number. This means that pretty anyone can trivially disable 2FA for anyone else. afaik its not as easy to send fake caller id for SMS as it is for normal phones. "Spoofing" your outbound ANI on a traditional phone circuit is a feature, not a defect, but its very easy to abuse. I dont know how you'd even go about spoofing an SMS sender. Every system i've ever seen for sending SMS is very locked down on sender number.
|
|
#
?
Nov 17, 2022 00:16
|
|
|
there are lots of apps and services like https://www.spoofmytextmessage.com/ out there purporting to let you spoof SMS, but I haven’t tested any
|
|
#
?
Nov 17, 2022 00:20
|
|
|
anyways, for an account that has had mfa using sms, I would just disable the account if sms is disabled and there was no available second factor. If no one can get in the account, the account is secure!
|
|
#
?
Nov 17, 2022 00:38
|
|
|
sb hermit posted:anyways, for an account that has had mfa using sms, I would just disable the account if sms is disabled and there was no available second factor. If no one can get in the account, the account is secure!
|
|
#
?
Nov 17, 2022 00:59
|
|
|
mystes posted:You will be pleased to know that twitter apparently recently locked out everyone using 2FA only SMS, TOTP still worked I believe
|
|
#
?
Nov 17, 2022 01:00
|
|
|
mystes posted:You will be pleased to know that twitter apparently recently locked out everyone using 2FA 
|
|
#
?
Nov 17, 2022 06:16
|
|
|
Babies Getting Rabies posted:https://www.bankinfosecurity.com/twitter-second-factor-authentication-has-vulnerability-a-20475 this is only a vulnerability if you can disable 2fa from a spoofed number. otherwise you still need to sim swap the victim and at that point you can just use 2fa normally anyway. the article is light on details so it's unclear whether or not this is the case. e: just occurred to me that perhaps someone could be phished into sending it themselves. Send a lot of annoying emails and put "TEXT STOP TO <number> TO UNSUBSCRIBE" or something spankmeister fucked around with this message at 09:04 on Nov 17, 2022 |
|
#
?
Nov 17, 2022 08:58
|
|
|
make a meme on tiktok or something to have everyone flood the sms endpoint with STOP to voice your disapproval of SMS MFA
|
|
#
?
Nov 17, 2022 11:19
|
|
|
sb hermit posted:make a meme on tiktok or something to have everyone flood the sms endpoint with STOP to voice your disapproval of SMS MFA if anyone does this we are gonna assume it was you
|
|
#
?
Nov 17, 2022 11:33
|
|
|
Babies Getting Rabies posted:https://www.bankinfosecurity.com/twitter-second-factor-authentication-has-vulnerability-a-20475 sec fucks for this thread, gently caress SECs for the other thread
|
|
#
?
Nov 17, 2022 15:54
|
|
|
i think she's onto something... https://twitter.com/wbm312/status/1593439295519412226
|
|
#
?
Nov 18, 2022 19:42
|
|
|
I hope so, because the "download your stuff" service seems to be broken
|
|
#
?
Nov 18, 2022 19:48
|
|
|
Subjunctive posted:I hope so, because the "download your stuff" service seems to be broken lol
|
|
#
?
Nov 18, 2022 19:49
|
|
|
Chris Knight posted:i think she's onto something... the musk thread already discussed this (not her tweet, people have been saying this for a little while now) and it seems real likely yeah
|
|
#
?
Nov 18, 2022 19:49
|
|
|
Subjunctive posted:I hope so, because the "download your stuff" service seems to be broken
|
|
#
?
Nov 18, 2022 19:54
|
|
|
Wiggly Wayne DDS posted:it worked for me a couple of days ago, might be regional as well Might also just be one of those totally irrelevant and unimportant plates finally stopped spinning when anyone who knew about it left.
|
|
#
?
Nov 18, 2022 19:55
|
|
|
downloading your history was a microservice
|
|
#
?
Nov 18, 2022 20:24
|
|
|
https://twitter.com/CalumBoal/status/1593225022772244481 lmao
|
|
#
?
Nov 18, 2022 20:33
|
|
|
https://twitter.com/cpartisans/status/1593634667147988993
|
|
#
?
Nov 18, 2022 21:09
|
|
|
|
|
#
?
Nov 18, 2022 21:12
|
|
|
i ran into "inserting null truncates the rest of the field in mysql" long ago, really "fun" one
|
|
#
?
Nov 18, 2022 21:28
|
|
|
Shame Boy posted:the musk thread already discussed this (not her tweet, people have been saying this for a little while now) and it seems real likely yeah after seeing the "think you're a hardcore enough coder to save Twitter? click here or be fired." email I've come to the conclusion that the only thing preventing the company from getting absolutely wrecked is that nobody knows who is still working there to send the spear phishing email to.
|
|
#
?
Nov 19, 2022 15:25
|
|
|
oops! https://twitter.com/matrosov/status/1593333424126730240
|
|
#
?
Nov 19, 2022 15:44
|
|
|
|
| # ? Apr 19, 2024 10:05 |
|
|
"We maintain it internally" Edit: to be clear i dunno what their response / reason is i just hear that poo poo all the time from vendors
|
|
#
?
Nov 19, 2022 15:48
|
|
