Episode 378
Two-Factor Fraud
August 2nd, 2018
31 mins 56 secs
Tags
About this Episode
Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach.
Plus a Spectre attack over the network, BGP issues take out Telegram, and more!
Episode Links
- Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak
- Finding and Diagnosing BGP Route Leaks
- Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
- New Spectre attack enables secrets to be leaked over a network
- NetSpectre: Read Arbitrary Memory over Network
- Password breach teaches Reddit that, yes, phone-based 2FA is that bad
- We had a security incident.
- Google Employees Use a Physical Token as Their Second Authentication Factor
- Cisco is buying Duo Security for $2.35B in cash