How To Hack Twitter's Two-Factor Authentication
An anonymous reader writes with this excerpt from PC Mag's SecurityWatch: "We've pointed out some problems with Twitter's new two-factor authentication. For example, since just one phone number can be associated with an account, Twitter's two-factor authentication won't work for organizations like the Associated Press, The Onion, or The Guardian. They were hacked; they could still be hacked again in the same way. However, security experts indicate that the problem is worse than that, a lot worse."
worse problem? (Score:5, Insightful)
the problem is worse than that, a lot worse
Problem? Worse? This is Twitter we're talking about, right?
If sending an unencrypted email is like sending a postcard (kids, ask your parents) in pencil, Twitter is like a sign you stick in your lawn.
Anyone can drive by and stick a sign in your lawn, make it look like you support any cause, or take any sign you've put out.
Now if people put undue weight on those signs, if they swing the markets, then the issue--the problem--is people who don't know the difference between reliable and unreliable sources.
The problem isn't Twitter, it's employees in the media and so-called journalists who'd rather sit on their bum checking their cell phone than go out and do their job.
Re:Thank you (Score:5, Insightful)
As long as stock market bots and day traders use Twitter activity to guide their behavior, I care.
This can't be stopped. (Score:5, Insightful)
A similar solution works very well, no GPS (Score:4, Insightful)
I always post on Slashdot using a small Android phone in Bryan, TX, and my ISP is Suddenlink. I've posted on Slashdot hundreds, if not thousands of times. 20 minutes after I make this post from here in Bryan, if someone claiming to be me tries to log in using an iPhone in Canada, that's guaranteed to be bogus. That's a simple, obvious, and common example.
Now take that same general idea and apply fifteen years of R&D and real world experience. You can catch most unauthorized login attempts. If you do any late night surfing, on sites like GirlsGoneWild.com, you may have noticed half of those sites say "protected by Strongbox". They do that because it works.
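The kind of check the comment above describes, sketched as an added example; it is not part of the original thread and not the code of any product named in it. The field names, the 900 km/h speed ceiling, the 50 km noise floor, the coordinates and the "ExampleNet" ISP are assumptions or constructed sample values.

```python
import math
from dataclasses import dataclass

MAX_SPEED_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed noise floor for IP geolocation error

@dataclass
class Login:
    ts_min: float  # minutes since an arbitrary epoch
    lat: float     # latitude from IP geolocation
    lon: float     # longitude from IP geolocation
    device: str    # coarse device family taken from the User-Agent
    isp: str

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess(history: list, attempt: Login) -> list:
    """Return the reasons an attempt differs from the account's history."""
    if not history:
        return ["no_history"]
    reasons = []
    last = max(history, key=lambda e: e.ts_min)
    hours = (attempt.ts_min - last.ts_min) / 60.0
    dist = haversine_km(last, attempt)
    # Impossible travel: the distance cannot be covered in the elapsed time.
    if dist > MIN_DISTANCE_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
        reasons.append("impossible_travel")
    if attempt.device not in {e.device for e in history}:
        reasons.append("new_device")
    if attempt.isp not in {e.isp for e in history}:
        reasons.append("new_isp")
    return reasons

# Constructed sample data mirroring the comment's scenario.
HISTORY = [
    Login(0, 30.674, -96.370, "android", "Suddenlink"),
    Login(600, 30.674, -96.370, "android", "Suddenlink"),
]
CANADA_20_MIN_LATER = Login(620, 43.651, -79.347, "iphone", "ExampleNet")
HOME_20_MIN_LATER = Login(620, 30.674, -96.370, "android", "Suddenlink")
```

A non-empty result would normally trigger a step-up challenge or a block rather than a silent rejection, since geolocation and User-Agent data are both noisy.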