Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ret2bed/statuses/111693726425193194">ret2bed is hacking web apps :verified: (ret2bed@infosec.exchange)'s status on Thursday, 04-Jan-2024 05:06:31 JST</a><a href="https://infosec.exchange/@ret2bed" title="ret2bed@infosec.exchange"><img src="https://gnusocial.jp/avatar/109227-48-20230323133823.webp" width="48" height="48" alt="ret2bed is hacking web apps :verified:" style="position: absolute; left: 0; top: 0;">ret2bed is hacking web apps :verified:</a><div><a href="https://bikeshed.party/objects/31384c1d-0b9b-426e-a74b-5e924b023406" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/10721" title="jomo@mstdn.io">jomo</a></li><li><a href="https://gnusocial.jp/user/107000" title="lorenzofb@infosec.exchange">Lorenzo Franceschi-Bicchierai</a></li></ul></div></section><article><p><a href="https://bikeshed.party/users/feld">@feld</a> <a href="https://mstdn.io/@jomo">@jomo</a> <a href="https://infosec.exchange/@lorenzofb">@lorenzofb</a> I disagree. Maybe if the data of the affected user was the only data available when logging into an account but they have broken into a bunch of accounts and then stole further data from genetic matches iirc. </p><p>Not preventing that kind of data theft when one of the parties did not have 2fa enabled is hardly the fault of the user but completely on the platform. This should not have been possible for accounts that don't have basic 2FA enabled.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2537914#notice-5024083">In conversation</a><time datetime="2024-01-04T05:06:31+09:00" title="Thursday, 04-Jan-2024 05:06:31 JST">Thursday, 04-Jan-2024 05:06:31 JST</time> <span>from <span><a href="https://infosec.exchange/@ret2bed/111693726425193194" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@ret2bed/111693726425193194">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
ret2bed is hacking web apps :verified: (ret2bed@infosec.exchange)'s status on Thursday, 04-Jan-2024 05:06:31 JSTret2bed is hacking web apps :verified:
in reply to
@feld @jomo @lorenzofb I disagree. Maybe if the data of the affected user was the only data available when logging into an account but they have broken into a bunch of accounts and then stole further data from genetic matches iirc.
Not preventing that kind of data theft when one of the parties did not have 2fa enabled is hardly the fault of the user but completely on the platform. This should not have been possible for accounts that don't have basic 2FA enabled.
In conversationThursday, 04-Jan-2024 05:06:31 JST from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice