A fun discovery on the vulnerability of SMS authentication.

Fri Mar 31 06:05:56 MST 2017

CODB. I watched the whole video and they mentioned their "heated"
conversation with the provider. Phone providers couldn't care less.
However, if your provider allows you to register an answer to your security
questions, do not use real information.

"What high school did you go to?" should never be your real high school.
"Klingon Bird Of Prey Academy" or "Hogwarts School of Witchcraft and
Alcoholism" are better choices. (Don't hack me) ;)

Get creative and use your password manager to store your odd replies.

You know your answer is good when the person is shocked you can remember it
or can't stop laughing at the absurdity.

On Thu, Mar 30, 2017 at 3:39 PM, Eric Oyen <eric.oyen at icloud.com> wrote:

> yep.
> looks like a case of social engineering that opened up a whole can of
> worms.
>
> I just hope someone hasn't managed to gain his credit card info.
>
> -eric
> from the central office of the Technomage Guild, Social Solutions
> Engineering Dept.
>
> On Mar 30, 2017, at 12:54 PM, Stephen Partington wrote:
>
> https://www.youtube.com/watch?v=LlcAHkjbARs
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20170331/5e6665d0/attachment.html>