MFA on a smartphone

Multi-factor authentication (MFA; aka Two-factor authentication aka 2FA) makes access to things more secure. However, how to do it from the same smartphone seems to be an afterthought. First, if someone has the smartphone which is used to generate the code, receive the text, answers the phone call, or confirms the access, then is MFA… Continue reading MFA on a smartphone

Friend Request Hoax

A legitimate message expressing concern about your impersonation account would: Ask if you created another account. Provide the address to the new account so you can go to the profile, click the three dots on the cover photo, select Report, and follow the instructions for impersonation. Instead, the hot hoax right now says: Hi….I actually… Continue reading Friend Request Hoax

Carrier Phish

Got a phone call from my own cell phone to itself. That was pretty interesting the first time, but I declined the call because I was certainly not calling myself. A day later, I got another call. This one I answered. It was an interesting call informing me my account with the cellphone carrier was… Continue reading Carrier Phish

USB Drives to Move Election Malware

From “Can Georgia’s electronic voting machines be trusted?“: Though voting machines aren’t directly connected to the internet, witnesses testified last week that USB drives are used to transfer election data from internet-connected computers to election servers. So, computers that are connected to the Internet are used to move data to the election servers. Malware can… Continue reading USB Drives to Move Election Malware

How wide was the Equifax data breach?

143 million US consumers were caught up in the data breach. I keep seeing it portrayed as 44% of the US population. But, the US population includes children. Initially, it seemed to me the better metric was 11 million more than all of 2016 IRS tax filers. The problems with this latter comparison? Lots of… Continue reading How wide was the Equifax data breach?

DOJ, Dreamhost, and DisruptJ20

The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition brief. Basically, the Department of Justice served Dreamhost this warrant asking for the code backing the web site, the HTTP request and error logs, logs about backend connections to upload files to the… Continue reading DOJ, Dreamhost, and DisruptJ20

TED Talk: Trolling a Spammer

Back in the early days of spam, I did try replying to a few, but I never got anything like this. Suspicious emails: unclaimed insurance bonds, diamond-encrusted safe deposit boxes, close friends marooned in a foreign country. They pop up in our inboxes, and standard procedure is to delete on sight. But what happens when… Continue reading TED Talk: Trolling a Spammer