|
|
|
|
|
|
by bdamm
2880 days ago
|
|
|
It's fairly easy to claim the general case, and indeed you're right. But the challenge is that not all attackers have infinite resources, and the ones that effectively do us small fry really can't protect against anyway, because they're already where they need to be. So specific information on known attack paths is an interesting conversation, because part of the SMS 2FA security is the belief that while 1-off SMS 2FA attacks are possible, they generally don't scale, and so that puts a high cost on carrying out the SMS 2FA, or informs a limit on the value that can be protected by SMS 2FA. So, good for reddit? Maybe yes. Good for your bank? Maybe not, but maybe yes, depending on the diligence of the customer, the robustness of anti-fraud measures, and the cost of fraud insurance. |
|
|
Good for Instagram? Maybe no, without much dependence on the diligence of the customer.
https://motherboard.vice.com/en_us/article/vbqax3/hackers-si...