Feds love SMS

by | Jan 26, 2018 | Information Security

Today I learned NIST no longer admits cell phone SMS authentication is horribly insecure. NIST SP800-63B Published June 2017 refutes earlier guidance to avoid SMS authentication because security. #fedslovesms Tweets
Run of the mill “infosec researcher”.

Run of the mill “infosec researcher”.

by | Apr 25, 2017 | Information Security

A couple of months ago I reported a chained vector vulnerability which affected a corner case 2-Factor bug to Facebook. While their security department utilizes the same anonymous ticketing system their consumer support department I found the encounter professional...