# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 14
# self = https://watcher.sour.is/conv/kaggk6q
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
🤦♂
WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie errors they're making, *at scale*.
> Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.
@abucci If Google is suggesting you do something, it's probably a good idea to do the opposite.
Wow !!! 😱 Those sneaky little shitheads!!! Google are unconspicious lying sons of notches 😢 When da fuq did they sneak this feature in?! I didn't even notice this was a thing from a recent upgrade of the app (Authenticator) 🤦♂️
Also kind of curious how syncing to Google servers made this attack worse? Not that clear from the article 🤔
@prologic
> Also kind of curious how syncing to Google servers made this attack worse? Not that clear from the article 🤔
As I understand it: The attacker was able to compromise the Google account of that employee. That would have been pretty bad in and of itself. Due to this horseshit “sync” feature, though, the attacker was also able to grab all those TOTP seeds that can be used to log in to other sites.
What’s unclear to me is how the attacker got to the *first* factor (probably a normal password). That was probably phished separately? And/Or that employee used the same password everywhere? 🤔
@movq I mean yeah I totally get that syncing the TOTP seeds is a horrible idea. It defeats the point of a second factor and "something you have". 🤦♂️