Discover and read the best of Twitter Threads about #2FA

Most recents (13)

Beware, here is how WhatsApp accounts are getting hacked.

(A Thread)
First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>.

Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.

1/n
What is happening here? The number you have dialed is a service request for Jio and Airtel to do "call forwarding" when your number is busy/engaged. The attacker tricked you into call forwarding your calls to a number they own when you are busy.

2/n
Read 9 tweets
At #disruptedtimes22, @johnnyryan says even tech giants don't know what they do with data (shades of Amazon's multiple scandals).

This is where #PurposeLimitation comes in. The #GDPR bans e.g. reusing phone numbers gathered for #2fa to target ads.
If one company is acquiring another, a regulator could compel both firms to disclose every single use they make of PII, and then analyze 'what happens when those two spreadsheets have a baby'
Purpose limitation is Big Tech kryptonite, and the DMA strengthens it, allowing the EU to pursue cases where national governments e.g. Eire won't
Read 5 tweets
#NoCode #buildinpublic

Many people think that free #OpenSource software is only for #Linux.

But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!

These are some of my faves!

25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
7-Zip (@7zip)

Great archiver supporting

Packing/unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP, WIM

Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VHDX, VMDK, WIM, XAR, Z

7-zip.org
Audacity (@getaudacity)

If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.

Tons of features & useful tools!

audacityteam.org
Read 28 tweets
DO NOT LET YOUR CHILDREN BUY #ROBUX.

A thread on the utter crappiness of @Roblox support.

If you're a parent of a kid who plays #ROBLOX, please like, and retweet so other parents can see.

1.
So last Saturday my son went to bed happy. He woke up sad on Sunday morning. You see, while he was sleeping all of his equipped pets in #PetSimulatorX and 7 million diamonds vanished. He wasn't hacked. He has #2FA set up on his account, with my email as the 2nd factor. #ROBLOX 2.
First I reached out to Big Games @BuildIntoGames, the devs of #PetSimulatorX and got no reply but did note that in the 24 hours prior to this event, they'd tweeted that they'd disabled and reenabled trading on their game, which I found interesting. 3.
Read 18 tweets
There are a lot of #Security Issues in the #NFT Ecosystem & #NFTs marketplaces (NFTMs)

1/ When using a password-based authentication workflow, there is no #2FA (two-factor authentication)
2/ There is no support for #hardwarewallet
3/ The #smartcontracts of NFTMs must be #opensource and/or provide results of security #Audit
Read 18 tweets
#DataPrivacyDay
Today on #DataPrivacyDay, @SFLCin is bringing you some tips and quick fixes to help protect your privacy online.
#DataPrivacyDay2021 #PrivacyAware #privacy #cybersafety #dataprivacy
We as a generation use #SocialMedia almost obsessively. Most of us have accounts on social media websites like #Facebook, #Instagram & #Twitter.
#SocialSecurity #cybersecuritytips #PrivacyAware
We also keep hearing about various #Hacking, #Phishing attempts and in times like these it is important to understand the basics of social media privacy settings to secure yourself from such attempts.
#PrivacyAware
Read 14 tweets
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo
2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
3/ @CISAgov recommends protecting such secrets with hardware (HSM), but this solution is not always feasible, does not scale well and is susceptible to vulnerabilities especially when facing #APT attackers (hence: "aggressively updated")
media.defense.gov/2020/Dec/17/20…
Read 8 tweets
Thread of #SeguridadDigital (digital security) resources 👨‍💻🛡️ for those journalists, activists and #DDHH (human rights) defenders who are going to cover the electoral farce of the dictatorship and its accomplices tomorrow #6D. 👇🧵
Before going out to cover it, enable 2-step verification on your email and social media accounts. In this and the next 3 tweets I will leave links with the steps you need to follow to do so 🔐 #2FA

How to set up 2-step verification on Twitter:
How to set up 2-step verification on your Google account:
Read 15 tweets
#TPRM #IAM #authentication #2FA 
Thoughts on a possible quick-win when it comes to reducing potential unauthorized access by third-party personnel that have approved access to your systems (be they on-prem or cloud)
Fact - Most organizations have a valid need to provide access for third-party personnel to their systems for one or the other reason
Unfortunate Reality - 3rd parties don't always let their customers (you) know when one of their people that has access to a customer system departs their employment. They may not even realize the user had access to your system(s)
Read 7 tweets
Yesterday we published a deep dive on Saud al-Qahtani.

Who is he? Since October 2018, he has been known as the "mastermind" of the #Khashoggi murder.

He is one of #MBS's top aides and has been described as the Saudi crown prince's enforcer and chief propagandist.
Al-Qahtani is also known as the "Lord of the Flies" — "flies" are what Saudi dissidents call trolls and bots that relentlessly attack critics of the Saudi state on social media.

They send death threats. They wage disinformation campaigns.

washingtonpost.com/world/saudi-el…
Al-Qahtani has personally launched harassment campaigns against critics of the Saudi regime.

In August 2017, he launched a hashtag that translates to #the_black_list in English — it threatened dissidents that they would be "followed" if tagged.
Read 17 tweets
Special session of the Digital Committee in the #Bundestag, today in the Budget Committee's room, so there are thick documents lying around everywhere. Besides authorities such as BSI, BMI and BKA, Twitter, FB, Google and GMX are also here to answer our questions about the #Hackerangriff (hacker attack) and #Datenklau (data theft).
#Facebook: "during the 2017 federal election campaign we urged all candidates to set up two-factor authentication; unfortunately only 2.1% actually did so; we may tie candidate verification for #EUWahl2019 to setting up #2FA". #hackerangriff #Datenklau #btADA
Facebook: "we identified and blocked 350 URLs in connection with the #Hackerangriff, removed content, shared information with BSI" #datenklau #btAdA
Read 16 tweets
Truth! SMS is not a secure #2fa channel for Instagram or any service; and I've just switched what I could to @Authy. Read up on these #simhijacking #portoutscam hacks (and how to mitigate risk) with this great series by @lorenzofb for @Motherboard: motherboard.vice.com/en_us/topic/si…
For its part, @Instagram is rolling out support for third-party #2FA authentication code apps (like @Authy or Google Authenticator) now, as an alternative to SMS. I've been checking my Settings > Two-Factor screen relentlessly! help.instagram.com/15824741551979…
Because, as @lorenzofb reports, carrier insiders are helping scammers take over phone SIMs even when you add account PINs, I wonder whether using SMS for #2FA is better than no 2FA at all. #simhijacking is relatively rare, so for most folks I think it is. motherboard.vice.com/en_us/article/…
Read 4 tweets
Mommy, Why is There a Server in the House?
Do you know
what a server is?
I bet you do!

A server is
a funny-looking box.
It makes friends with computers!

#someofmybestfriendsareservers
Big people have a server at the "office".
The office is a boring place
where big people go and do boring things.

#tooclose
Read 21 tweets
