 A leaky database spilled 2FA codes for the world’s tech giants

"...the technology company left one of its internal databases exposed to the internet without a password, allowing anyone to access the sensitive data inside using only a web browser, just with knowledge of the database’s public IP address."

One more example of how people are usually the weakest link in pentesting and cybersecurity.

#cybersecgirl #privacytechpro #cybersecurity #infosec #opsec

https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/ 
 Financial and phone carrier providers should really start giving the option of using something like Aegis instead of SMS for 2FA. Huge security issue.
 💯 Options for an authenticator app like Aegis and hardware keys like YubiKey should be the default options for 2FA. Email and SMS are not secure and more vulnerable to MITM attacks.
 SMS was how my email got hacked. Been on Authy forever now. I should YubiKey.
 👀  
 I learned my lesson of not using SMS as 2FA the first time I traveled outside the US and lost access to over half of my apps.

nostr:nevent1qqsf3jw90465jtjzgvpv25pw9z67a5dfn6c6vw2fsllntk0as6hunhspw9mhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0dec82c33ddkhxmnw0pmnvupcwekxkvnvxfjxsvp5xsek56m2xp68smphdfe8waecw9c8sdrkvs6rywrgv5cxzwr2w9chjdn5dfjhq0mzwfhkzerrv9ehg0t5wf6k2fn8d3hkyctv84skcmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqg35ltk6