Discover and read the best of Twitter Threads about #2fa

Most recents (13)

When my @EFF colleague Alexis Hancock signed her baby up for daycare, she had to download a childcare management app - to monitor and specify "feedings, diaper changes, pictures, activities, and which guardian picked-up/dropped-off the child."

eff.org/deeplinks/2022… 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2022/06/23/pee… 2/
This was during the lockdown, and the app was a way to comply with social distancing and contact tracing rules, but it was also designed to help with "separation anxiety of newly enrolled children and their anxious parents." 3/
Read 38 tweets
Beware, here is how WhatsApp accounts are getting hacked.

(A Thread)
First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>.

Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.

1/n
What is happening here? The number you have dialed is a service request for Jio and Airtel to do "call forwarding" when your number is busy/engaged. The attacker tricked you into call forwarding your calls to a number they own when you are busy.

2/n
Read 10 tweets
At #disruptedtimes22, @johnnyryan says even tech giants don't know what they do with data (shades of Amazon's multiple scandals).

This is where #PurposeLimitation comes in. The #GDPR bans e.g. reusing phone numbers gathered for #2fa to target ads.
If one company is acquiring another, a regulator could compel both firms to disclose every single use they make of PII, and then analyze 'what happens when those two spreadsheets have a baby'
Purpose limitation is Big Tech kryptonite, and the DMA strengthens it, allowing the EU to pursue cases where national governments e.g. Eire won't
Read 5 tweets
#NoCode #buildinpublic

Many people think that free #OpenSource software is only for #Linux.

But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!

These are some of my faves!

25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
7-Zip (@7zip)

Great archiver supporting

Packing/unpacking:
7z
XZ
BZIP2
GZIP
TAR
ZIP
WIM

Unpacking only:
AR
ARJ
CAB
CHM
CPIO
CramFS
DMG
EXT
FAT
GPT
HFS
IHEX
ISO
LZH
LZMA
MBR
MSI
NSIS
NTFS
QCOW2
RAR
RPM
SquashFS
UDF
UEFI
VDI
VHD
VHDX
VMDK
WIM
XAR
Z

7-zip.org
Audacity (@getaudacity)

If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.

Tons of features & useful tools!

audacityteam.org
Read 28 tweets
There are a lot of #Security Issues in the #NFT Ecosystem & #NFTs marketplaces (NFTMs)

1/ When using a password-based authentication workflow, there is no #2FA (two-factor authentication)
2/ there is no support for #hardwarewallet
3/ The #smartcontracts of NFTMs must be #opensource and/or provide results of security #Audit
Read 18 tweets
#DataPrivacyDay
Today on #DataPrivacyDay, @SFLCin is bringing you some tips and quick fixes to help protect your privacy online.
#DataPrivacyDay2021 #PrivacyAware #privacy #cybersafety #dataprivacy
We as a generation use #SocialMedia almost obsessively. Most of us have accounts on social media websites like #Facebook, #Instagram & #Twitter.
#SocialSecurity #cybersecuritytips #PrivacyAware
We also keep hearing about various #Hacking, #Phishing attempts and in times like these it is important to understand the basics of social media privacy settings to secure yourself from such attempts.
#PrivacyAware
Read 14 tweets
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo
2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
3/ @CISAgov recommends protecting such secrets with hardware (HSM), but this solution is not always feasible, does not scale well and is susceptible to vulnerabilities especially when facing #APT attackers (hence: "aggressively updated")
media.defense.gov/2020/Dec/17/20…
Read 8 tweets
Thread of #SeguridadDigital (digital security) resources 👨‍💻🛡️ for those journalists, activists and #DDHH (human rights) defenders who are going to cover the electoral farce of the dictatorship and its accomplices tomorrow, #6D. 👇🧵
Before heading out to cover it, turn on 2-step verification on your email and social media accounts. In this and the next 3 tweets I will leave links with the steps you need to follow to do so 🔐 #2FA

How to set up 2-step verification on Twitter:
How to set up 2-step verification on your Google account:
Read 15 tweets
#TPRM #IAM #authentication #2FA 
Thoughts on a possible quick-win when it comes to reducing potential unauthorized access by third-party personnel that have approved access to your systems (be they on-prem or cloud)
Fact - Most organizations have a valid need to provide access for third-party personnel to their systems for one or the other reason
Unfortunate Reality - 3rd parties don't always let their customers (you) know when one of their people that has access to a customer system departs their employment. They may not even realize the user had access to your system(s)
Read 7 tweets
Yesterday we published a deep dive on Saud al-Qahtani.

Who is he? Since October 2018, he has been known as the "mastermind" of the #Khashoggi murder.

He is one of #MBS's top aides and has been described as the Saudi crown prince's enforcer and chief propagandist.
Al-Qahtani is also known as the "Lord of the Flies" — "flies" are what Saudi dissidents call trolls and bots that relentlessly attack critics of the Saudi state on social media.

They send death threats. They wage disinformation campaigns.

washingtonpost.com/world/saudi-el…
Al-Qahtani has personally launched harassment campaigns against critics of the Saudi regime.

In August 2017, he launched a hashtag that translates to #the_black_list in English — it threatened dissidents that they would be "followed" if tagged.
Read 17 tweets
Special session of the Digital Committee in the #Bundestag, today in the Budget Committee's room, which is why thick stacks of documents are lying around everywhere. Alongside authorities such as the BSI, BMI and BKA, Twitter, FB, Google and GMX are also here to answer our questions about the #Hackerangriff (hacker attack) and #Datenklau (data theft).
#Facebook: "During the 2017 Bundestag election campaign we urged all candidates to set up two-factor authentication; unfortunately only 2.1% actually did so. We may tie candidate verification for #EUWahl2019 to setting up #2FA". #hackerangriff #Datenklau #btADA
Facebook: "We identified and blocked 350 URLs in connection with the #Hackerangriff, removed content, shared information with the BSI" #datenklau #btAdA
Read 16 tweets
Truth! SMS is not a secure #2fa channel for Instagram or any service; and I've just switched what I could to @Authy. Read up on these #simhijacking #portoutscam hacks (and how to mitigate risk) with this great series by @lorenzofb for @Motherboard: motherboard.vice.com/en_us/topic/si…
For its part, @Instagram is rolling out support for third-party #2FA authentication code apps now (like @Authy or Google Authenticator), as an alternative to SMS. I've been checking my Settings > Two-Factor screen relentlessly! help.instagram.com/15824741551979…
Because, as @lorenzofb reports, carrier insiders are helping scammers take over phone SIMs even when you add account PINs, I wonder whether using SMS for #2FA is better than no 2FA at all. #simhijacking is relatively rare, so for most folks I think it is. motherboard.vice.com/en_us/article/…
Read 4 tweets
Mommy, Why is There a Server in the House?
Do you know
what a server is?
I bet you do!

A server is
a funny-looking box.
It makes friends with computers!

#someofmybestfriendsareservers
Big people have a server at the "office".
The office is a boring place
where big people go and do boring things.

#tooclose
Read 21 tweets
