Re: When two-factor authentication is not enough

[Jeff Sergeant <jeffuk () gmail com>]

The fact they've clearly mapped out Gandi's processes to find the weak link
(The apparent opt-out to the email change request, real or not) and add
noise to exploit it makes it clear that someone put a lot of work into
this.  Pretty much a textbook example of the 'APT' we're always warned
about.

Good save!




On Thu, Apr 10, 2014 at 9:01 AM, Alfie John <alfiej () fastmail fm> wrote:

> The story of a failed attempt to steal FastMail's domains:
>
>
> http://blog.fastmail.fm/2014/04/10/when-two-factor-authentication-is-not-enough/
>
> tl;dr: Pay attention next time you get a flood of emails. The flood
> could part of a larger plot to distract you from something you should be
> paying attention to. In other words, learn to spot misdirection:
>
>   https://www.youtube.com/watch?v=GZGY0wPAnus
>
> Alfie
>
> --
>   Alfie John
>   alfiej () fastmail fm
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/