Two-Factor Fraud

Reddit’s Two Factor procedures fail, while Google’s prevents years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach.

Plus a Spectre attack over the network, BGP issues take out Telegram, and more!

• Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak
• Finding and Diagnosing BGP Route Leaks
• Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
• New Spectre attack enables secrets to be leaked over a network
• NetSpectre: Read Arbitrary Memory over Network
• Password breach teaches Reddit that, yes, phone-based 2FA is that bad
• We had a security incident.
• Google Employees Use a Physical Token as Their Second Authentication Factor
• Cisco is buying Duo Security for $2.35B in cash