Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/varx/statuses/110262756012762188">varx/tech (varx@infosec.exchange)'s status on Wednesday, 26-Apr-2023 20:53:19 JST</a><a href="https://infosec.exchange/@varx" title="varx@infosec.exchange"><img src="https://gnusocial.jp/avatar/79880-48-20241125155824.webp" width="48" height="48" alt="varx/tech" style="position: absolute; left: 0; top: 0;">varx/tech</a><div><a href="https://mastodon.social/@lopta/110261919555798786" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://mastodon.social/@lopta">@lopta</a> I reset my password using the "compromised account" feature, since it just took a moment. Little to lose. However... I'm not convinced yet that there's a legitimate threat, so I haven't done anything beyond that.</p><p>(I don't use 2FA with Amazon because their 2FA support kind of sucks, and I don't have any "devices".)</p><p>It's easy for people to think they've found something serious and be dead wrong about it. I know this from the perspective both of someone who has raised a false alarm, and of someone who has to field security disclosures. So I'm holding this with some uncertainty, and I figure we'll know soon enough.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1410899#notice-2885582">In conversation</a><time datetime="2023-04-26T20:53:19+09:00" title="Wednesday, 26-Apr-2023 20:53:19 JST">Wednesday, 26-Apr-2023 20:53:19 JST</time> <span>from <span><a href="https://infosec.exchange/@varx/110262756012762188" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@varx/110262756012762188">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
varx/tech (varx@infosec.exchange)'s status on Wednesday, 26-Apr-2023 20:53:19 JSTvarx/tech
in reply to
- lopta
@lopta I reset my password using the "compromised account" feature, since it just took a moment. Little to lose. However... I'm not convinced yet that there's a legitimate threat, so I haven't done anything beyond that.
(I don't use 2FA with Amazon because their 2FA support kind of sucks, and I don't have any "devices".)
It's easy for people to think they've found something serious and be dead wrong about it. I know this from the perspective both of someone who has raised a false alarm, and of someone who has to field security disclosures. So I'm holding this with some uncertainty, and I figure we'll know soon enough.
In conversationWednesday, 26-Apr-2023 20:53:19 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice