this post was submitted on 31 Jan 2024
109 points (95.8% liked)

[–] [email protected] 24 points 9 months ago (2 children)

And this is why smart people don't use text message two-factor authentication, if at all possible. App-based OTP is much safer.

[–] [email protected] 6 points 9 months ago (1 children)
[–] [email protected] 4 points 9 months ago (1 children)

Exactly. I don't have a physical key because I would want one that has open source hardware and software.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

I believe Solokey is a brand that makes open source hardware keys.

Edit: they might only be FIDO2 level 1 and not level 2 like YubiKey.

Edit 2: apparently there's also openkey and nitrokey so those are some more options for you.

[–] [email protected] 1 points 9 months ago

Thanks, I will check them out, though, that only being level 1 could be a problem.

[–] [email protected] 6 points 9 months ago (1 children)

I wish the companies that decide to only allow SMS 2FA (or none at all) would fucking realize this sooner rather than later.

[–] [email protected] 2 points 9 months ago

Or at least be held liable for any losses.

[–] [email protected] 3 points 9 months ago

This is the best summary I could come up with:


The US may have uncovered the nation's largest "SIM swap" scheme yet, charging a Chicago man and co-conspirators with allegedly stealing $400 million in cryptocurrency by targeting over 50 victims in more than a dozen states, including one company.

Once the swap occurs, the bad actor can defeat multi-factor authentication protections and access online accounts to steal data or money.

Powell's accused crew allegedly used identification card printers to forge documents, then posed as victims visiting Apple, AT&T, Verizon, and T-Mobile retail stores in Minnesota, Illinois, Indiana, Utah, Nebraska, Colorado, Florida, Maryland, Massachusetts, Texas, New Mexico, Tennessee, Virginia, and the District of Columbia.

When Powell's alleged scheme began in 2021, the FBI issued a warning, noting that criminals were increasingly using SIM-swap attacks, fueling total losses that year of $68 million.

Since then, US law enforcement has made several arrests, but none of the uncovered schemes come close to the alleged losses from the thefts Powell's crew are being accused of.

In October, the Department of Justice sentenced a hacker, Jordan Dave Persad, to 30 months for stealing nearly $1 million from "dozens of victims."


The original article contains 846 words, the summary contains 185 words. Saved 78%. I'm a bot and I'm open source!

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 0 points 9 months ago

Here is an alternative Piped link(s):

a video

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 2 points 9 months ago (1 children)

I've seen the sole examples of the SIM swap attack happening in the US. Has it ever happened in other countries?

[–] [email protected] 2 points 9 months ago

According to the article, it has happened in Europe as well.

[–] [email protected] 1 points 9 months ago

I sure could use a payout like this. Totally legally, of course.