Episode 378: Two-Factor Fraud
Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach.
August 3, 201831m 56s
Audio is streamed directly from the publisher (aphid.fireside.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach.
Plus a Spectre attack over the network, BGP issues take out Telegram, and more!
Sponsored By:
- Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
- iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
- Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
Links:
- Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak
- Finding and Diagnosing BGP Route Leaks
- Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
- New Spectre attack enables secrets to be leaked over a network
- NetSpectre: Read Arbitrary Memory over Network
- Password breach teaches Reddit that, yes, phone-based 2FA is that bad
- We had a security incident.
- Google Employees Use a Physical Token as Their Second Authentication Factor
- Cisco is buying Duo Security for $2.35B in cash
Topics
SpectreNetSpectreVerizon leakS3NICEBGPTelegramDuo SecurityCiscoTwo-Factor AuthenticationSMSSysadmin PodcastTechSNAP