christine, to animals
@christine@ruby.social avatar

For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation than the actual result https://wpengine.com/blog/hackathon-december-2023/

informapirata, to informatica Italian
@informapirata@mastodon.uno avatar

Dropbox has reportedly been breached. Customer data and authentication tokens stolen

Dropbox said that the broke into the of of the e-signature platform . They gained access to of , of multi-factor authentication (), hashed and about customers.

@informatica

News reported on @redhotcyber

https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/may2024exhibit991.htm

rebekka_m, to random German
@rebekka_m@fnordon.de avatar

An acquaintance is currently training to become a and is looking for a as or in or near . If you know of anything/have a position to offer, or know someone who might know something, just write to me. :) Thanks <3!

... and otherwise, as always: boosts are appreciated!

Scraft161, to infosec
@Scraft161@tsukihi.me avatar

Hardware security key options?

I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.

I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key would work together with already existing passwords, not replace them.

As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.

PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.

@linux @technology @technology @privacy

majorlinux, to infosec
@majorlinux@toot.majorshouse.com avatar

Time to mix up those passwords!

Roku hit by credential stuffing attack - Desk Chair Analysts

https://dcanalysts.net/roku-hit-by-credential-stuffing-attack/

arstechnica, to random
@arstechnica@mastodon.social avatar

LastPass users targeted in phishing attacks good enough to trick even the savvy

Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

BrianPierce,
@BrianPierce@mstdn.social avatar

@arstechnica

Key point is this: "companies and end users should always use multi-factor authentication to lockdown accounts when possible and ensure it’s compliant with the standard when available. available through push notifications or one-time passwords provided by text, email, or authenticator apps are better than nothing, but as events over the past few years have demonstrated, they are themselves easily defeated in credential phishing attacks"

mattotcha, to Cybersecurity
@mattotcha@mastodon.social avatar

Cisco: Hacker breached multifactor authentication message provider on April 1
https://therecord.media/cisco-duo-data-breach-mfa-telephony-provider #cybersecurity #hacker #Cisco #MFA #Duo

KathyReid, to random
@KathyReid@aus.social avatar

My Google Pixel 4a 5G died this afternoon and it won't turn on - I am trying all the rebooting / forced restarting options, but nothing is working so far.

The key lesson I am learning is how dependent I am on everything on my phone - my music is on my phone, audio books are on my phone, is on my phone, entertainment in the form of games are on my phone.

I knew I was dependent, but not just how dependent I was.

Olly42, to apple
@Olly42@nerdculture.de avatar

iPhone Users under ‘Reset Password’ Attack.

Beware support calls offering a fix.

Cybersecurity researchers have figured out a way to exploit what seems to be a bug in Apple’s password reset feature in a new scam that can lock you out of your iPhone if you’re not careful.

https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

ErikJonker, to Cybersecurity
@ErikJonker@mastodon.social avatar

Good blog about how criminals attack, in this case, iPhone users and illustrates the weakness of having to use one unchangeable phone number everywhere.
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

trendless, to security
@trendless@zeroes.ca avatar

Sanity check:

2FA via SMS was already risky and unsafe, but hey let's make it even worse by adding the ability to have the code sent to a friend?!

:mastomindblown:

Is it really that hard to set up an authenticator app like Aegis or use the one built into keychain?

#2FA #MFA #Security #Telegram #Authentication

sehe, to random
@sehe@fosstodon.org avatar

Byebye !

I remember the day I switched to Authy because it would not vendor-lockin me for codes. Alas, today is the day where I ditched it because Authy - without warning - stopped supporting the desktop app, even hurrying the deadline by 5 months! That was 70% of the total notification window as far as I could tell.

Requiring a mobile device for is not quite the same for me, and it can get lost (or stolen) way too easily for my taste.

Edent, to security
@Edent@mastodon.social avatar

Where are the U2F Rings?

The FIDO specification defines a form of Universal 2nd Factor (U2F) when users log in to a system. Rather than relying on one-time codes sent via SMS, or displayed on a phone screen, these are physical hardware tokens which are used to supplement passwords. When used with websites, this technology is also known as WebAuthn.

I use a USB thumb-drive sized hardw

https://shkspr.mobi/blog/2022/02/where-are-the-u2f-rings/

Edent,
@Edent@mastodon.social avatar

Here it is! A review of the Z-1 Ring from Cybernetic.

https://tube.tchncs.de/w/ho3ddokqBwsgFR35KrfkyX

It is an ring which does so you can use it as an token or a .

There are some limitations, as I explain in the video and blog post, but it's a pretty cool bit of gear.

Edent,
@Edent@mastodon.social avatar

I've spent a month wearing my MFA token on my finger and… it has been great (mostly).

After using my username and password, I tap my NFC ring onto my phone / laptop.
It doesn't replace passwords, and I'm comfortable with that.

Once configured, most services worked fine - although PayPal only allows one token registered at a time.

There's still a lack of support from banks etc. And the NFC occasionally accidentally triggers my phone.

https://shkspr.mobi/blog/2024/02/giving-the-finger-to-mfa-a-review-of-the-z1-encrypter-ring-from-cybernetic/

Edent, (edited) to foss
@Edent@mastodon.social avatar

Which open-source TOTP code generator do you use on Android?

sphcow, to Cybersecurity
@sphcow@mas.to avatar

Passwordless is great, but perhaps you need to consider basic MFA to start? If that's you, it's time for a refresher. Spoiler: it's not heavy key fobs any more.

https://sphericalcowconsulting.com/2024/03/03/mfa-beyond-sms-and-email/

Edent, to random
@Edent@mastodon.social avatar

🆕 blog! “Giving the finger to MFA - a review of the Z1 Encrypter Ring from Cybernetic”
★★★★☆

I have mixed feelings about Multi-Factor Authentication. I get why it is necessary to rely on something which isn't a password but - let's be honest here - it is a pain juggling between SMS, TOTP apps, proprietary apps, and mag…

👀 Read more: https://shkspr.mobi/blog/2024/02/giving-the-finger-to-mfa-a-review-of-the-z1-encrypter-ring-from-cybernetic/

NHBoehm,
@NHBoehm@ioc.exchange avatar

@Edent Thank you for your review.

I seriously considered purchasing a ring.

But, it turns out that the shop does not process purchase requests, resulting in an incomplete page with nothing to click on.
And the support email bounces as nonexistent.

I hope that you would incorporate that information in your review and/or boost this as a real world experience.

Edent, to linux
@Edent@mastodon.social avatar

🆕 blog! “Review: An NFC reader/writer with USB-C - ACR1252U-MF”
★★★★⯪

I needed to read and write NFC cards on Linux. I only buy USB-C peripherals now, so I found the brilliantly named "ACR1252U-MF" which appears to be the only USB-C reader on the market. Total cost was about £35 on eBay. It's a cheap and light plastic box with a short USB …

👀 Read more: https://shkspr.mobi/blog/2024/02/review-an-nfc-reader-writer-with-usb-c-acr1252u-mf/

blog, to linux
@blog@shkspr.mobi avatar

Review: An NFC reader/writer with USB-C - ACR1252U-MF
https://shkspr.mobi/blog/2024/02/review-an-nfc-reader-writer-with-usb-c-acr1252u-mf/

I needed to read and write NFC cards on Linux. I only buy USB-C peripherals now, so I found the brilliantly named "ACR1252U-MF" which appears to be the only USB-C reader on the market. Total cost was about £35 on eBay.

It's a cheap and light plastic box with a short USB cord. When you plug it in, there's a flashing light which can't be disabled. When it is powered up, or it detects an NFC chip, it makes this weird and scratchy beep:

🔊💾 Download this audio file.

On Linux, it shows up as: 072f:223b Advanced Card Systems, Ltd ACR1252 Dual Reader

To get it working, install PCSC Tools and the PCSC Daemon:

sudo apt install pcsc-tools pcscd

To start the daemon:

service pcscd start

Running pcsc_scan detected the reader as two readers - PICC and SAM

Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR1252 1S CL Reader [ACR1252 Dual Reader PICC] 00 00
1: ACS ACR1252 1S CL Reader [ACR1252 Dual Reader SAM] 01 00

Putting tokens on and off the reader showed them being detected and removed.

Despite my best efforts, I was unable to get this working with .

nfc-list uses libnfc 1.8.0
No NFC device found.

For reading and writing basic NDEF tags, I used Wakdev's NFC tools. I was also able to use various Python scripts like PCSC NDEF.

It also worked with a FIDO2 / HID Bridge so I could use an MFA token.

There's lots of documentation about the reader and its API as well as some official ACS Linux tools. In theory it supports firmware update - although none have been released.

It's a cheap and cheerful device. It would be nice if there were a way to stop the flashing LED and crappy buzzer.

https://shkspr.mobi/blog/2024/02/review-an-nfc-reader-writer-with-usb-c-acr1252u-mf/

majorlinux, to android
@majorlinux@toot.majorshouse.com avatar

Hopefully they won't alter the deal any further.

Authy moved its desktop EOL to March - Desk Chair Analysts

https://dcanalysts.net/authy-moved-its-desktop-eol-to-march/












cybersecboardrm, to Cybersecurity

Understand how hackers exploit social engineering to circumvent MFA and fortify your cybersecurity defenses accordingly.
https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html

NDR, to workersrights German
@NDR@ard.social avatar

On Thursday, around 2,000 employees in doctors' practices across Germany stopped work; the Verband medizinischer Fachberufe (Association of Medical Professions) had called for the warning strike. The demand: better working conditions and higher pay. 🩺

Practice manager Jana August also wanted to use the warning strike to fight for greater recognition of her profession. "We are the ones who keep the place running," says the Hamburg native. 🥼

📝 ▶️ https://www.ndr.de/Praxispersonal-Auf-Warnstreik-folgt-Einigung-im-Tarifstreit,arztpraxen130.html?at_medium=mastodon&at_campaign=NDR.de
