So like, what is the goal with spamming attempts on an account with 2 factor?
Surely there are easier accounts to try to brute force instead of wasting time on this?
once a known password associated with an email works, use: 1) social engineer the 2FA code, 2) if SMS use other vuln techniques.
thatassemblyguy on
+3
Atomika | Live fast and get fucked or whatever | Registered User, regular
Still. It’s only February and Trump has several more trials to get to and has already lost nearly a half-billion dollars this year in cash from court decisions.
I hope every downticket GOP race has to sell raffle tickets
I just started Legend Of Korra. Avatar has kind of timeless appeal to all ages. Legend Of Korra feels specifically made for angsty teens. It kind of sucks. I hope it gets better.
huff
puff
The first season is good but steeped in teen love triangle nonsense. Season two is weak. Seasons three and four are better than any season of Airbender IMO. Mind bogglingly good.
The sheer amount of fuckery on Nickelodeon's part during the first two seasons can't be emphasized enough though.
Quid weren't you at the mall
No?
Edit: Is Nickelodeon at the mall? Cause I'll go beat them up.
I made many of the slides for this meeting and am just chilling cameras off while my boss presents our decisions to leadership
maybe I'll cross stitch or something. Like it's great we have finished this intense process but also the presentation of it is really not very interesting when you, like, did the process
Steam, LoL: credeiki
+3
Atomika | Live fast and get fucked or whatever | Registered User, regular
So like, what is the goal with spamming attempts on an account with 2 factor?
Surely there are easier accounts to try to brute force instead of wasting time on this?
I don't know what the goal is in this particular case, but sometimes the goal is to get the user to unthinkingly approve the login.
I had to deal with a breach once where the attacker was able to obtain passwords to a 2FA-protected system. So the attacker sprayed login attempts. They triggered the push notification on the 2FA app, and some of the affected users just tapped 'yes' on the notification.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
I just started Legend Of Korra. Avatar has kind of timeless appeal to all ages. Legend Of Korra feels specifically made for angsty teens. It kind of sucks. I hope it gets better.
It gets better, but it's never the original series.
It's me, the person that likes Korra better than the original!
I enjoyed the original as well. But i loved Korra.
Angsty teen 4 lyfe.
There's more earth bending. That's a 9/10 already.
Anything short of jail just enables Trump to grift his base even harder. I've always assumed his parade of clown lawyers was part of the grift...
This case was never going to be jail. At most the state of New York could have taken all his properties and dissolved all his companies and confiscated their accounts.
So like, what is the goal with spamming attempts on an account with 2 factor?
Surely there are easier accounts to try to brute force instead of wasting time on this?
I don't know what the goal is in this particular case, but sometimes the goal is to get the user to unthinkingly approve the login.
I had to deal with a breach once where the attacker was able to obtain passwords to a 2FA-protected system. So the attacker sprayed login attempts. They triggered the push notification on the 2FA app, and some of the affected users just tapped 'yes' on the notification.
The MS ones just have a code, and obviously I'm not at the screen with the prompt, so I can't even give the hacker something if I wanted to. So weird.
League of Legends: Sorakanmyworld
FFXIV: Tchel Fay
Nintendo ID: Tortalius
Steam: Tortalius
Stream: twitch.tv/tortalius
+1
Noneoftheabove | Just a conforming non-conformist. | Twilight Zone | Registered User, regular
What if making and filing maps under a three way indexing system is the height of immersive dungeon delving
Anime man: Is this gameplay?
Motherfucker that's a job
Every once in a while I like to horrify a buddy of mine who got into pc gaming with StarCraft by sending him screenshots of the ancient spreadsheet simulators I played. All
"Look at this game it rules!"
Ahh Stars!
Saving tiny increments of fuel by working out that halfway there dropping one warp factor takes the same amount of time
So like, what is the goal with spamming attempts on an account with 2 factor?
Surely there are easier accounts to try to brute force instead of wasting time on this?
I don't know what the goal is in this particular case, but sometimes the goal is to get the user to unthinkingly approve the login.
I had to deal with a breach once where the attacker was able to obtain passwords to a 2FA-protected system. So the attacker sprayed login attempts. They triggered the push notification on the 2FA app, and some of the affected users just tapped 'yes' on the notification.
The MS ones just have a code, and obviously I'm not at the screen with the prompt, so I can't even give the hacker something if I wanted to. So weird.
The attacker may not know that?
I'm just speculating here.
It also might just be a plain old DDOS, or it might be a misconfigured script, or they might be trying to find non-2FA-enabled users.
But a more specific scenario I'm imagining is one where they trigger 2FA without knowing how 2FA works. Some users have SMS 2FA, others have push notifications in an authenticator app. The 2FA system chooses which method to use to contact the legitimate user. But if you hit 100,000 users, and 20% of them have 2FA, and 20% of those have push notifications, and 5% of those fall for the push notification flood, you just compromised 200 accounts. (On top of the 80000 others who maybe just had single-factor login.)
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+2
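Seen from the defender's side, the push-notification flood described in the posts above shows up in authentication logs as a burst of prompts to one user, sometimes ending in an approval. The following is an added example, not written by anyone in the thread; the log format, event names, window and threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed: prompts within WINDOW that count as a flood

# Constructed sample events: timestamp, user, source IP, event type.
SAMPLE_LOG = """\
2024-02-16T09:00:00 alice 198.51.100.20 push_sent
2024-02-16T09:00:05 alice 198.51.100.20 push_approved
2024-02-16T09:10:00 bob 203.0.113.7 push_sent
2024-02-16T09:10:40 bob 203.0.113.7 push_denied
2024-02-16T09:11:10 bob 203.0.113.7 push_sent
2024-02-16T09:11:50 bob 203.0.113.7 push_timeout
2024-02-16T09:12:20 bob 203.0.113.7 push_sent
2024-02-16T09:13:00 bob 203.0.113.7 push_sent
2024-02-16T09:13:30 bob 203.0.113.7 push_sent
2024-02-16T09:13:41 bob 203.0.113.7 push_approved
2024-02-16T09:20:00 carol 203.0.113.7 push_sent
2024-02-16T09:20:30 carol 203.0.113.7 push_sent
2024-02-16T09:21:00 carol 203.0.113.7 push_sent
2024-02-16T09:21:30 carol 203.0.113.7 push_sent
2024-02-16T09:22:00 carol 203.0.113.7 push_sent
2024-02-16T09:22:30 carol 203.0.113.7 push_denied
"""

def detect_push_floods(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {user: severity}, severity being 'flood' or 'approved_during_flood'."""
    recent = defaultdict(deque)   # user -> timestamps of recent push prompts
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, _ip, event = line.split()
        ts = datetime.fromisoformat(ts_raw)
        prompts = recent[user]
        # Drop prompts that have aged out of the look-back window.
        while prompts and ts - prompts[0] > window:
            prompts.popleft()
        if event == "push_sent":
            prompts.append(ts)
            if len(prompts) >= threshold:
                findings.setdefault(user, "flood")
        elif event == "push_approved" and len(prompts) >= threshold:
            # An approval straight after a burst of prompts should be handled
            # as a likely compromise (revoke session, reset password).
            findings[user] = "approved_during_flood"
    return findings

if __name__ == "__main__":
    for user, severity in detect_push_floods(SAMPLE_LOG).items():
        print(user, severity)
```

A single prompt followed by an approval (alice) is left alone; only the burst pattern is flagged, and the burst that ends in an approval is ranked above the one that ends in a denial.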
Donkey Kong | Putting Nintendo out of business with AI nips | Registered User, regular
edited February 16
According to Air Canada, Moffatt never should have trusted the chatbot and the airline should not be liable for the chatbot's misleading information because Air Canada essentially argued that "the chatbot is a separate legal entity that is responsible for its own actions," a court order said.
Fffffff hahaha. Air Canada, this is YOUR chatbot on YOUR OWN website. THAT YOU CREATED AND PUT UP AND LINKED CUSTOMERS TO.
They lost this argument btw, have been forced to honor any policies the chatbot made up, and have discontinued the chatbot.
Donkey Kong on
Thousands of hot, local singles are waiting to play at bubbulon.com.
According to Air Canada, Moffatt never should have trusted the chatbot and the airline should not be liable for the chatbot's misleading information because Air Canada essentially argued that "the chatbot is a separate legal entity that is responsible for its own actions," a court order said.
Fffffff hahaha. Air Canada, this is YOUR chatbot on YOUR OWN website. THAT YOU CREATED AND PUT UP AND LINKED CUSTOMERS TO.
They lost this argument btw, have been forced to honor any policies the chatbot made up, and have discontinued the chatbot.
ahahahaha eat my shiiiit and haaaaaaaaaaaaair
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+12
Donkey Kong | Putting Nintendo out of business with AI nips | Registered User, regular
And for the ten millionth time: you should really be using LLMs to interpret user input and then have a fixed system checked for correctness formulating responses. Jesus.
Thousands of hot, local singles are waiting to play at bubbulon.com.
+5
Kane Red Robe | Master of Magic | Arcanus | Registered User, regular
I keep getting sms verification codes for my X account, except that I deleted my account when they unbanned Trump so I'm very confused. And annoyed.
Took a bunch of photos in low light in a restaurant with ISO 400 film and no flash.
Worked ok, but got a lot of blur. Looking about for faster film leads to the discovery that Ilford provide processing parameters to push some of their film to 25000 ISO
Anything short of jail just enables Trump to grift his base even harder. I've always assumed his parade of clown lawyers was part of the grift...
This case was never going to be jail. At most the state of New York could have taken all his properties and dissolved all his companies and confiscated their accounts.
Yes, my point was these monetary rulings just give him concrete numbers to flash in front of his base as exactly how much he is being unfairly persecuted by.
I doubt any of his people trust he was treated fairly.
0
Atomika | Live fast and get fucked or whatever | Registered User, regular
What if making and filing maps under a three way indexing system is the height of immersive dungeon delving
Anime man: Is this gameplay?
Motherfucker that's a job
Every once in a while I like to horrify a buddy of mine who got into pc gaming with StarCraft by sending him screenshots of the ancient spreadsheet simulators I played. All
"Look at this game it rules!"
Ahh Stars!
Saving tiny increments of fuel by working out that halfway there dropping one warp factor takes the same amount of time
Stars!
I played probably a thousand hours of that as a kid, I remember mailing cash and getting a floppy with an activation code back. My first Geocities page was about Stars!.
"It isn't illegal if a computer does it" is a surprisingly common corporate strategy despite having no real legal foundation.
Two goats enter, one car leaves
+4
SummaryJudgment | Grab the hottest iron you can find, stride in the Tower’s front door | Registered User, regular
edited February 16
My boss is a saint; I just had - tried to have - a come-to-jesus talk with her and she was like lmao it's after 3pm on a Friday, let's figure out giving some of your work to the new hire who doesn't have enough shit to do next week and please go enjoy your weekend and don't worry about it, okay?
boss...
SummaryJudgment on
Some days Blue wonders why anyone ever bothered making numbers so small; other days she supposes even infinity needs to start somewhere.
Donkey Kong | Putting Nintendo out of business with AI nips | Registered User, regular
edited February 16
I think the funniest thing that LLMs tend to do when you try to make them domain experts on like, an API, a code base, a set of policies, whatever, is if those things suck ass or don't make sense or seem unfair, the base model training can outweigh the shitty material you've trained it with and it will say things that are usually more fair and more sane instead of what you taught it.
Like of course you can ask for a refund retroactively from air canada in the case of a sudden event like a death in the family. It would be monstrous if you couldn't, says the weight of all the training data fed into GPT-3. Forget this weirdly worded supplemental data that doesn't quite seem as likely.
Donkey Kong on
Thousands of hot, local singles are waiting to play at bubbulon.com.
"It isn't illegal if a computer does it" is a surprisingly common corporate strategy despite having no real legal foundation.
I know I've mentioned this a few times but the corporate defense I have the biggest hateboner for is CenturyLink (now Lumen):
"That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain. There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc."
(Emphasis theirs!)
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+3
Chanus | Harbinger of the Spicy Rooster Apocalypse | The Flames of a Thousand Collapsed Stars | Registered User, regular
Food $200
Data $150
Rent $800
Unauthorized refunds given by my chatbot $3,600
Utility $150
someone who is good at the economy please help me budget this. my family is dying
Allegedly a voice of reason.
+9
Atomika | Live fast and get fucked or whatever | Registered User, regular
"It isn't illegal if a computer does it" is a surprisingly common corporate strategy despite having no real legal foundation.
I know I've mentioned this a few times but the corporate defense I have the biggest hateboner for is CenturyLink (now Lumen):
"That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain. There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc."
(Emphasis theirs!)
Yeah, corporate holding or d/b/a bullshit is complete legal nonsense but it does have a bit of legal basis and, despite the constant abuse for it, has an ostensible purpose (there are valid reasons to limit risk and exposure for corporate purposes, despite constant abuse of the systems to do so).
The thing about the "computer did it" defense is, AFAIK, there's just no actual basis for it. There's no solid legal footing for it, no real case law to support it, and if you ever did get any kind of ruling supporting that theory the ramifications of it would be absolutely fucking insane (your honor I did not pirate anything, the torrent program pirated it and I cannot be held liable).
Just a huge foundational part of several modern industries premised entirely on a completely untested and incoherent legal theory, the actual unspoken basis being "we can keep this going until someone with money sues us or legislators in California notice what we're doing."
Posts
once a known password associated with an email works, use: 1) social engineer the 2FA code, 2) if SMS use other vuln techniques.
I hope every downticket GOP race has to sell raffle tickets
Just one? Pathetic
Silly RMS, who reads that old thing any more?
Also independent monitor overseeing all his business. No loans. And probable removal of some or all of his business licenses.
I made many of the slides for this meeting and am just chilling cameras off while my boss presents our decisions to leadership
maybe I'll cross stitch or something. Like it's great we have finished this intense process but also the presentation of it is really not very interesting when you, like, did the process
Yeah it’s not nothing. It’s actually quite a huge bit.
But it’s less than the prosecution asked for, so I have to think some of that is an effort to still appear impartial.
The impartial thing to do would be to bankrupt his ass
I don't know what the goal is in this particular case, but sometimes the goal is to get the user to unthinkingly approve the login.
I had to deal with a breach once where the attacker was able to obtain passwords to a 2FA-protected system. So the attacker sprayed login attempts. They triggered the push notification on the 2FA app, and some of the affected users just tapped 'yes' on the notification.
the "no true scotch man" fallacy.
There's more earth bending. That's a 9/10 already.
Same. I have gotten 20+ and thought it was just me. @DemonStacey
FFXIV: Tchel Fay
Nintendo ID: Tortalius
Steam: Tortalius
Stream: twitch.tv/tortalius
This case was never going to be jail. At most the state of New York could have taken all his properties and dissolved all his companies and confiscated their accounts.
The MS ones just have a code, and obviously I'm not at the screen with the prompt, so I can't even give the hacker something if I wanted to. So weird.
FFXIV: Tchel Fay
Nintendo ID: Tortalius
Steam: Tortalius
Stream: twitch.tv/tortalius
With names like that, are these Mortal Kombat characters? What, no FATALITY?
Ahh Stars!
Saving tiny increments of fuel by working out that halfway there dropping one warp factor takes the same amount of time
Ok at least it's not just a me thing. And instead some large attempt going on. Makes me feel a little better!
Going for an English and ordering twelve bread rolls and twenty four plates of chips
The attacker may not know that?
I'm just speculating here.
It also might just be a plain old DDOS, or it might be a misconfigured script, or they might be trying to find non-2FA-enabled users.
But a more specific scenario I'm imagining is one where they trigger 2FA without knowing how 2FA works. Some users have SMS 2FA, others have push notifications in an authenticator app. The 2FA system chooses which method to use to contact the legitimate user. But if you hit 100,000 users, and 20% of them have 2FA, and 20% of those have push notifications, and 5% of those fall for the push notification flood, you just compromised 200 accounts. (On top of the 80000 others who maybe just had single-factor login.)
the "no true scotch man" fallacy.
Fffffff hahaha. Air Canada, this is YOUR chatbot on YOUR OWN website. THAT YOU CREATED AND PUT UP AND LINKED CUSTOMERS TO.
They lost this argument btw, have been forced to honor any policies the chatbot made up, and have discontinued the chatbot.
ahahahaha eat my shiiiit and haaaaaaaaaaaaair
the "no true scotch man" fallacy.
Worked ok, but got a lot of blur. Looking about for faster film leads to the discovery that Ilford provide processing parameters to push some of their film to 25000 ISO
Yes, my point was these monetary rulings just give him concrete numbers to flash in front of his base as exactly how much he is being unfairly persecuted by.
I doubt any of his people trust he was treated fairly.
I just saw Sora on OpenAI
I didn’t think Hollywood would be over so soon
wtf
Stars!
I played probably a thousand hours of that as a kid, I remember mailing cash and getting a floppy with an activation code back. My first Geocities page was about Stars!.
Good times!
boss...
…the Kingdom Hearts protagonist?
Like of course you can ask for a refund retroactively from air canada in the case of a sudden event like a death in the family. It would be monstrous if you couldn't, says the weight of all the training data fed into GPT-3. Forget this weirdly worded supplemental data that doesn't quite seem as likely.
I know I've mentioned this a few times but the corporate defense I have the biggest hateboner for is CenturyLink (now Lumen):
"That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain. There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc."
(Emphasis theirs!)
the "no true scotch man" fallacy.
Data $150
Rent $800
Unauthorized refunds given by my chatbot $3,600
Utility $150
someone who is good at the economy please help me budget this. my family is dying
OpenAI’s new prompt-generated video creator
Two of the concept videos were essentially just movie trailer clips
Gosh this feels big. This feels like a definitive end to our current understanding of moviemaking.
Let your family die, marry the chatbot, then no one can testify against you
Yeah, corporate holding or d/b/a bullshit is complete legal nonsense but it does have a bit of legal basis and, despite the constant abuse for it, has an ostensible purpose (there are valid reasons to limit risk and exposure for corporate purposes, despite constant abuse of the systems to do so).
The thing about the "computer did it" defense is, AFAIK, there's just no actual basis for it. There's no solid legal footing for it, no real case law to support it, and if you ever did get any kind of ruling supporting that theory the ramifications of it would be absolutely fucking insane (your honor I did not pirate anything, the torrent program pirated it and I cannot be held liable).
Just a huge foundational part of several modern industries premised entirely on a completely untested and incoherent legal theory, the actual unspoken basis being "we can keep this going until someone with money sues us or legislators in California notice what we're doing."