If Jack Dorsey got hacked I want to know how just in case a similar attack vector would affect Mastodon users

Wowaweewa. So the attack didn't even involve 2FA because they just spoofed the source phone number and sent the tweets via SMS, a process that does not involve 2FA or any other authentication.

@Gargron twitter still relies mostly on cell phone/text based 2FA so that's probably where they fucked up

@Gargron Huh. See, my money would have been on it being related to the iPhone zero-day stuff.

@Gargron I always wanted to know if you could spoof SMS, now I know.

@Gargron oh yeah!

I'd forgotten that Twitter was originally a SMS-based service.

I wonder if they still have users that tweet that way because they don't have a smart phone.

@Gargron ISDN hacking is how the Daily Mail and other newspapers got ahold of voicemails of a bunch of celebrities and politicians, IIRC.
Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!