*makes hacking obsolete*

*makes hacking obsolete*

It's All Fucked Shirt $22.14

Thalidomide Vintage Ad Shirt $22.14

It's All Fucked Shirt $22.14

  1. 1 month ago
    Anonymous

    they literally just ask these day
    it's all just phishing with livepanel

  2. 1 month ago
    Anonymous

    That is fantastic moron. They cant just put malware on your phone, 360, login

  3. 1 month ago
    Anonymous

    that's just not true.

  4. 1 month ago
    Anonymous

    You know they can just steal your cookies with the login session that bypasses authenticator apps right?

    • 1 month ago
      Anonymous

      ^this
      all these double triple quadruple bionic step authentication methods are all a fricking scam, 99% of accounts are hacked either through cookie stealing or good quality phishing
      and this stuff doesn't protect against those attacks in the slightest, they don't even care if suddenly you are logging in from India with the same session, looks legit, you can even change email and password rajeesh!
      it's all fake security, and yubikeys are literal scams

      • 1 month ago
        Anonymous

        >99% of accounts are hacked either through cookie ste-ACK!!!

        • 1 month ago
          Anonymous

          This means a site can't ask for information about cookies from another site, you dumbass moron, it doesn't block cookies from being robbed

          • 1 month ago
            Anonymous

            So what's the best defense then?

          • 1 month ago
            Anonymous

            Common Sense current_year™

          • 1 month ago
            Anonymous

            Not getting malware.
            So probably an adblocker.

    • 1 month ago
      Anonymous

      true but real IQfyentlemen have 0 cookies

    • 1 month ago
      Anonymous

      Just lock the account behind a regional timezone. Soon as timezone changes, automatic authentication required. So even if someone steals cookies/sessions, they still need the proper timezone from the proxy they are using. Further there should be an option to lock it down to IP if you really want to make it more secure. So each time IP changes, authentication is required.

    • 1 month ago
      Anonymous

      >his website doesn't lock cookies to your specific IP
      Stop using vulnerable services.

      • 1 month ago
        Anonymous

        It helps against weak or leaked passwords. It doesn't help against attacks on the website itself or when I can just grab your token.
        The places that implement 2FA tend to have all of the basics handled, at least.

        That's impractical for most public services. On the corporate side, you literally have networks where the external IP can change between requests, or going on and off work VPN if it's not forced to always-on. On the regular user side, you have people doing stuff while moving between random public wifi networks or mobile networks giving out different IPs, or even regular ISPs rotating them regularly in some places.

  5. 1 month ago
    Anonymous

    [...]

    He can't get into the phone and you can disable it remotely including your phone number.
    Then you just get a new sim with your number back.

    • 1 month ago
      Anonymous

      ???
      getting a new SIM with your old number isn't giving you access to the codes that were saved on your old device, are you on crack?

      • 1 month ago
        Anonymous

        >getting a new SIM with your old number isn't giving you access to the codes that were saved on your old device
        Why not? MFA exist and you can reset and get a new code with SMS code confirmation for any service that matter.
        If you service don't have sms alternate auth, you could've just save the authenticator code on a encrypted txt saved on some cloud account.

        • 1 month ago
          Anonymous

          ...but Google authenticator IS the mfa second factor, if you also have sms code confirmation enabled then whats the point of google authenticator???

          >He doesn't backup his authenticator seeds
          Tech illiterates aren't welcome here

          backing up your seeds also kind of defeats the point moron

          captcha: G0Y888

          • 1 month ago
            Anonymous

            moron

          • 1 month ago
            Anonymous

            moron

            Not true if the phishing page/reverse proxy asks for TOTP or if your device itself gets compromised. Its a good way to stop 3rdies from credential stuffing but its not bullet-proof.

            moron

            moron

            yes you are 🙂

          • 1 month ago
            Anonymous

            moron

          • 1 month ago
            Anonymous

            Not true if the phishing page/reverse proxy asks for TOTP or if your device itself gets compromised. Its a good way to stop 3rdies from credential stuffing but its not bullet-proof.

            moron

          • 1 month ago
            Anonymous

            moron

      • 1 month ago
        Anonymous

        >He doesn't backup his authenticator seeds
        Tech illiterates aren't welcome here

  6. 1 month ago
    Anonymous

    Putting a lock on the door does not prevent people from breaking in through the window.

  7. 1 month ago
    Anonymous

    Always attack the weakest link. These days that means social engineering the support team. Most companies will just disable 2FA if you cry enough and know enough information about your target.

  8. 1 month ago
    Anonymous

    it really doesn't thoughever. if you are infected with malware, you're done for, kiddo

Your email address will not be published. Required fields are marked *