2024-12-12 19:12:20
in reply to

Erik van Straten on Nostr: npub1ed2us…d9yw0 : not taking into account that I strongly advise against using ...

: not taking into account that I strongly advise against using weak MFA (because it is not phishing-resistant and comes with a lot of disadvantages nobody wants anyone to know about):

yes.

See https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass (yesterday).
Source: https://infosec.exchange/@AAKL/113634744971043868

In short (if I understand correctly), Microsoft's servers would accept codes in a time window of up to 3 minutes. This enabled the researchers to conduct a brute force attack.

#WeakMFA #Weak2FA #TOTP #SMS #Voice #MFA #2FA #AitM #MitM #EvilProxy #Evilginx2
Author Public Key
npub1yzfshvmugq4nd4jhwve7hhwqzvvt7g9g23sharz5f5wdvg65r92qhql3r7
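
To illustrate the acceptance-window point in the post above, here is an added example (not part of the original post and not Microsoft's code) showing how a wider validity window multiplies the number of TOTP codes a server accepts at once, next to a verifier with a narrow window and a failed-attempt cap. The 30-second step, 6-digit codes, the `Verifier` class and its parameters are assumptions; the secret and timestamp are the RFC 6238 test values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, assumed (the post does not state it)
DIGITS = 6   # code length, assumed

def totp(secret: bytes, t: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)

def accepted_codes(secret: bytes, now: int, window_s: int) -> set:
    """Codes the server accepts at `now` when each code stays valid for window_s seconds."""
    steps = max(window_s // STEP, 1)
    return {totp(secret, now - i * STEP) for i in range(steps)}

def per_guess_odds(secret: bytes, now: int, window_s: int) -> float:
    """Chance that one random guess matches any currently accepted code."""
    return len(accepted_codes(secret, now, window_s)) / 10 ** DIGITS

class Verifier:
    """Hypothetical server-side check: configurable window plus a failed-attempt cap."""
    def __init__(self, secret, window_s=STEP, max_failures=5):
        self.secret, self.window_s = secret, window_s
        self.max_failures, self.failures = max_failures, 0

    def verify(self, code: str, now: int) -> bool:
        if self.failures >= self.max_failures:
            return False  # locked until reset out of band
        ok = any(hmac.compare_digest(code, c)
                 for c in accepted_codes(self.secret, now, self.window_s))
        self.failures = 0 if ok else self.failures + 1
        return ok

SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real credential
NOW = 1111111111                   # RFC 6238 test timestamp

if __name__ == "__main__":
    for w in (30, 180):
        print(w, "s window:", sorted(accepted_codes(SECRET, NOW, w)),
              "odds per guess:", per_guess_odds(SECRET, NOW, w))
```

With a 180-second window, a code from the previous step (`081804`) is still accepted alongside the current one, while the 30-second verifier rejects it.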