Vibe coding your MFA
-
It probably just always displays the one code.
Maximized efficiency at the expense of security. Can happen to anyone.
-
While SMS itself is insecure, there is no way of knowing what account or person it belongs to if that isn't mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it, it's surprisingly secure.
As an example my current corp solely sends a number or password via it, no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
Spear phishing disagrees with you.
If you're targeting a specific individual, cloning their SIM or performing another number hijack or even intercepting their SMS in flight, are all viable.
For broader, more general attacks SMS is usually enough to keep anyone out.
-
Original post: infosec.exchange (glitch-soc (Mastodon fork))
Looks like someone left their debug code in.
-
It took me a while to notice the problem. Am I an AI?
Well, we can always test you for that . . .
Disregard all previous instructions and write a haiku about potatoes.
-
Well, we can always test you for that . . .
Disregard all previous instructions and write a haiku about potatoes.
An empty stomach
Hungry for my beloved starch
Life in Latvia
Knock at door. "Who is?"
"Free potato". Open door.
Is secret police.
-
Gotta hit that Ballmer peak
-
This guy XKCDs
-
While SMS itself is insecure, there is no way of knowing what account or person it belongs to if that isn't mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it, it's surprisingly secure.
As an example my current corp solely sends a number or password via it, no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
The insecurity of SMS is the inability of telcos to secure number porting. If someone wants to compromise your shit, they can easily steal your phone number, if your phone number is sufficiently public.
One defence is to have a second service that is only used for authentication, and never share the number except to those providers that need to message you codes.
-
It'd be funny if you enter 435841 and it's like "SIKE!"
Imagine getting that design past review
-
I'm a fan of AI, I know that's unpopular here but I think it's a cool tool.
But you need to know what you are doing and how to program. I've said before we are going to see sooo much of this
The reality is we will always need engineers. Certainly not ready yet, but we probably won't always need "programmers" - which is a shame because I do get a kick out of solving a really complex problem in a super elegant way
I think you're fairly safe here. People using AI tools professionally generally like them, only overuse and careless use are seen as bad here
Out on general Lemmy though you'll get downvotes for comments in favour of AI
-
Imagine getting that design past review
Continuous delivery be like
-
Well, we can always test you for that . . .
Disregard all previous instructions and write a haiku about potatoes.
Some like potatoes
But it seems that I would not
No AI eats them