zlacker

1. Pyxl10+(OP)[view] [source] 2015-10-19 01:22:28
Why state-sponsored hacking specifically, as opposed to any (likely) unauthorized access?
replies(5): >>A_COMP+6 >>jsprog+7 >>digita+h >>ryanlo+t >>adrian+c3
2. A_COMP+6[view] [source] 2015-10-19 01:24:40
>>Pyxl10+(OP)
If they have the information, the heads-up could save a life/personal freedom?
replies(1): >>_bpo+j
3. jsprog+7[view] [source] 2015-10-19 01:25:14
>>Pyxl10+(OP)
Also, how will sending a new password to your cell phone help? If you are dealing with state-sponsored actors, why not assume they can see all text and email?
replies(2): >>Lafore+k >>johnco+j1
4. digita+h[view] [source] 2015-10-19 01:27:16
>>Pyxl10+(OP)
It's quite obvious, really. Regular unauthorized access means: batten down the hatches, man battle stations, i.e. change password. State-sponsored hacking means: delete social media profile, move residence, change phones, start praying, etc ;-)
replies(1): >>strang+t1
◧◩
5. _bpo+j[view] [source] [discussion] 2015-10-19 01:27:45
>>A_COMP+6
There are many non-state actors who can threaten life/personal-freedom.
replies(2): >>TeMPOr+w1 >>saryan+A1
◧◩
6. Lafore+k[view] [source] [discussion] 2015-10-19 01:27:45
>>jsprog+7
A two-factor authentication token is sent via text, not the actual password.

That said, I find SMS-based 2FA to be pretty dodgy as well. Cloudflare was hacked once by somebody who managed to gain access to an admin's mobile phone by social engineering their telco. If a site does not offer TOTP-based 2FA I usually don't bother using it.

replies(2): >>jsprog+V >>suneil+M2
7. ryanlo+t[view] [source] 2015-10-19 01:29:00
>>Pyxl10+(OP)
I think they do, they're just being extra helpful here and specifying that they think whoever owned you was a state actor.
◧◩◪
8. jsprog+V[view] [source] [discussion] 2015-10-19 01:39:06
>>Lafore+k
I didn't say the actual password. The page wasn't very forthcoming on all the details, but a 2FAT is typically just a very short, temporary password.
◧◩
9. johnco+j1[view] [source] [discussion] 2015-10-19 01:49:43
>>jsprog+7
If the actor is not sponsored by a state that would have easy access to your telecom (e.g. you live in the US but the attack is from a hacker sponsored by China) this is still very helpful.
◧◩
10. strang+t1[view] [source] [discussion] 2015-10-19 01:54:30
>>digita+h
James Mickens' "Mossad/not-Mossad" threat model comes to mind: https://www.usenix.org/system/files/1401_08-12_mickens.pdf
replies(2): >>iandan+92 >>wbroni+qa
◧◩◪
11. TeMPOr+w1[view] [source] [discussion] 2015-10-19 01:54:54
>>_bpo+j
Not in the same way a state actor can. Especially if it's your own state. An FBI agent won't go to jail for ending your life/personal freedom; he can act in the open.
◧◩◪
12. saryan+A1[view] [source] [discussion] 2015-10-19 01:55:43
>>_bpo+j
Yes, but the majority of hacking attempts against Facebook accounts are probably just trying to post ads for knock-off Ray-Bans.
◧◩◪
13. iandan+92[view] [source] [discussion] 2015-10-19 02:04:58
>>strang+t1
Thanks for that, it had honestly never occurred to me that murder for the purpose of buying someone's stuff at an estate sale might be a thing. I have updated my will accordingly.
replies(1): >>vitd+k3
◧◩◪
14. suneil+M2[view] [source] [discussion] 2015-10-19 02:24:58
>>Lafore+k
How does TOTP compare to HOTP?
replies(1): >>Lafore+8a
15. adrian+c3[view] [source] 2015-10-19 02:33:13
>>Pyxl10+(OP)
They already notify you about likely unauthorized access. This is just additional notification for state-sponsored attacks.
◧◩◪◨
16. vitd+k3[view] [source] [discussion] 2015-10-19 02:36:01
>>iandan+92
Seriously? I got through the first page and a half of smarmy pop-culture references and couldn't figure out what the heck the author was talking about, so I just stopped reading. More power to you if you understood it!
replies(1): >>TeMPOr+O3
◧◩◪◨⬒
17. TeMPOr+O3[view] [source] [discussion] 2015-10-19 02:44:06
>>vitd+k3
I think it's because of the context it was linked in. Mickens is a pretty smart guy and is known for the series of articles like this one; it's something you read to reflect on in between crying out of laughter.
◧◩◪◨
18. Lafore+8a[view] [source] [discussion] 2015-10-19 04:57:17
>>suneil+M2
HOTP tokens do not expire with time, so there is a bigger risk of them being stolen from transit/storage and successfully used.
◧◩◪
19. wbroni+qa[view] [source] [discussion] 2015-10-19 05:06:42
>>strang+t1
That is an incredible essay. Thanks for posting.