[techdirt]Court Will Decide If AT&T Is Liable For Cryptocurrency Theft Caused By Shoddy Security - Page 2 - Overclock.net - An Overclocking Community

Forum Jump: 

[techdirt]Court Will Decide If AT&T Is Liable For Cryptocurrency Theft Caused By Shoddy Security

Reply
 
Thread Tools
post #11 of 29 (permalink) Old 07-30-2019, 02:05 PM
The 6502 Still Rocks
 
Master Chicken's Avatar
 
Join Date: Feb 2016
Location: Sanford, FL.
Posts: 689
Rep: 30 (Unique: 28)
Quote: Originally Posted by xJumper View Post
Lol nobody here seems to get the larger picture... That about how SIM, GSM and the accompanying use of it as the predominant form of 2FA is one of the largest security holes next to maybe IoT right now.

Literally right now, SIM boosting is probably one of the largest underground methods circulating on the .onion sites on how to rip people off, steal identities, commit fraud and extortion. It's stupid easy.

Nobody wants to take responsibility (especially not a mobile network operator who is heavily invested in SIM/GSM) because that would mean owning up to the fact that the entire system sucks in terms of security and having to overhaul everything.
Exactly. This isn't about Crypto-currency. This is about Two Factor Authentication. I have 2FA turned on on several of my traditional accounts. If my number can be hijacked easily and the texted code sent to the thief, then 2FA using texted pins is dead. And yet, these texted pins are the 2FA method in predominant use today with the average consumer.
Master Chicken is offline  
Sponsored Links
Advertisement
 
post #12 of 29 (permalink) Old 07-30-2019, 02:08 PM - Thread Starter
professional curmudgeon
 
looniam's Avatar
 
Join Date: Apr 2009
Posts: 9,568
Rep: 778 (Unique: 446)
Quote: Originally Posted by xJumper View Post
Lol nobody here seems to get the larger picture... That about how SIM, GSM and the accompanying use of it as the predominant form of 2FA is one of the largest security holes next to maybe IoT right now.

Literally right now, SIM boosting is probably one of the largest underground methods circulating on the .onion sites on how to rip people off, steal identities, commit fraud and extortion. It's stupid easy.

Nobody wants to take responsibility (especially not a mobile network operator who is heavily invested in SIM/GSM) because that would mean owning up to the fact that the entire system sucks in terms of security and having to overhaul everything.
to be fair(?) i knew since mining was mentioned there would be haters because of the effect it has had on gpu prices and its a pipe dream to think any moderator here would keep things on topic anymore.

but hey, if it helps ONE PERSON avoid identity theft, then imo it was worth it.

my thanks to you and miklkit for understanding.

and now Master Chicken.

Remember the golden rule of statistics: A personal sample size of one is a sufficient basis upon which to draw universal conclusions.
Upload the computer to Dropbox and provide a link to it so others may download it to examine and give advice for repairs.
loon 3.2
(18 items)
CPU
i7-3770K
Motherboard
Asus P8Z77-V Pro
GPU
EVGA 980TI SC+
RAM
16Gb PNY ddr3 1866
Hard Drive
PNY 1311 240Gb
Hard Drive
1 TB Seagate
Hard Drive
3 TB WD Blue
Optical Drive
DVD DVDRW+/-
Power Supply
EVGA SuperNova 750 G2
Cooling
EKWB P280 kit
Cooling
EK-VGA supremacy
Case
Stryker M [hammered and drilled]
Operating System
Win X
Monitor
LG 24MC57HQ-P
Keyboard
Ducky Zero [blues]
Mouse
corsair M65
Audio
SB Recon3D
Audio
Klipsch ProMedia 2.1
▲ hide details ▲


looniam is offline  
post #13 of 29 (permalink) Old 07-30-2019, 03:05 PM
New to Overclock.net
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 18,114
Rep: 538 (Unique: 305)
Quote: Originally Posted by Master Chicken View Post
Exactly. This isn't about Crypto-currency. This is about Two Factor Authentication. I have 2FA turned on on several of my traditional accounts. If my number can be hijacked easily and the texted code sent to the thief, then 2FA using texted pins is dead. And yet, these texted pins are the 2FA method in predominant use today with the average consumer.
and general office space users as well.

we just got done deploying 2fa in insurance hole, from mail clerk to CEO.

slightly different for us though, we only need to be able to prove intent for CYA. we're not a multimillion human carrying mega-corp.

#25 best, TBA this year. we a joke.

R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
skupples is offline  
Sponsored Links
Advertisement
 
post #14 of 29 (permalink) Old 07-31-2019, 07:04 AM
Tokyo the defiler
 
emeianoite's Avatar
 
Join Date: Oct 2010
Location: lawlz
Posts: 790
Rep: 18 (Unique: 17)
Quote: Originally Posted by Gunderman456 View Post
So much for crypto being safe. Hopefully, every crypto phantom coin in the cloud gets stolen or erased out of existence. Shock some people back to reality.

What a scam. Hey, I need all the garbage cleaned off my lawn. Here is a drawing of a fig shaped like a coin. Here is a thousand of them. Now if you're lucky some schmucks will accept them as currency. I've already hired some oil snake salesmen to get these coins trading on the stock market. Don't ask, I'm connected. Yes, for the gullible like you and me since I guess I also believe in phantom things like bank of Rothschild fiat money backed by nothing. Ohhhh....
Do you not understand how currency works? You sound upset. We traded sea shells once, and bartered with trades (still).

Babies are just something you have to not make die...



emeianoite is offline  
post #15 of 29 (permalink) Old 07-31-2019, 08:30 AM
Otherworlder
 
epic1337's Avatar
 
Join Date: Feb 2011
Posts: 7,304
Rep: 216 (Unique: 124)
Quote: Originally Posted by Master Chicken View Post
Exactly. This isn't about Crypto-currency. This is about Two Factor Authentication. I have 2FA turned on on several of my traditional accounts. If my number can be hijacked easily and the texted code sent to the thief, then 2FA using texted pins is dead. And yet, these texted pins are the 2FA method in predominant use today with the average consumer.
yup, its much like some locksmith's masterkey got stolen due to negligence yet they refuse to admit their locks are now compromised.

trolling an adult is very dangerous, don't try it at home nor at work. you don't want to play tag with a rabid man.
epic1337 is offline  
post #16 of 29 (permalink) Old 07-31-2019, 07:12 PM
New to Overclock.net
 
8051's Avatar
 
Join Date: Apr 2014
Posts: 2,773
Rep: 22 (Unique: 16)
Quote: Originally Posted by epic1337 View Post
yup, its much like some locksmith's masterkey got stolen due to negligence yet they refuse to admit their locks are now compromised.
Yikes. I've used 2FA to access my bank accounts. It's scary to think someone could steal my phone number right out from under me then use it to access my bank accounts.

Does this scam work as follows: someone pretends to be the target victim (as to name and phone number) calls the cellular service provider and states that their existing phone is dead and that they have a new phone and want the phone number ported over to that different phone?

When my old dumb phone actually died, I remember there was a separate verification (because I had forgotten my password) they wanted before they would port my number over to the new phone (because they couldn't text me to verify I was who I was). They wanted the last date my account was charged for my cellular service. So if someone doesn't have your password or phone or a billing statement how could they pull this off? And wouldn't someone notice almost instantly that their phone was no longer active on the cellular network?
8051 is offline  
post #17 of 29 (permalink) Old 07-31-2019, 07:23 PM
Otherworlder
 
epic1337's Avatar
 
Join Date: Feb 2011
Posts: 7,304
Rep: 216 (Unique: 124)
Quote: Originally Posted by 8051 View Post
Yikes. I've used 2FA to access my bank accounts. It's scary to think someone could steal my phone number right out from under me then use it to access my bank accounts.

Does this scam work as follows: someone pretends to be the target victim (as to name and phone number) calls the cellular service provider and states that their existing phone is dead and that they have a new phone and want the phone number ported over to that different phone?

When my old dumb phone actually died, I remember there was a separate verification (because I had forgotten my password) they wanted before they would port my number over to the new phone (because they couldn't text me to verify I was who I was). They wanted the last date my account was charged for my cellular service. So if someone doesn't have your password or phone or a billing statement how could they pull this off? And wouldn't someone notice almost instantly that their phone was no longer active on the cellular network?
this explains it fairly well.
https://www.pandasecurity.com/mediac...ing-explained/

trolling an adult is very dangerous, don't try it at home nor at work. you don't want to play tag with a rabid man.
epic1337 is offline  
post #18 of 29 (permalink) Old 07-31-2019, 08:44 PM
What should be here ?
 
huzzug's Avatar
 
Join Date: Jun 2012
Posts: 5,220
Rep: 356 (Unique: 255)
Quote: Originally Posted by 8051 View Post
Yikes. I've used 2FA to access my bank accounts. It's scary to think someone could steal my phone number right out from under me then use it to access my bank accounts.

Does this scam work as follows: someone pretends to be the target victim (as to name and phone number) calls the cellular service provider and states that their existing phone is dead and that they have a new phone and want the phone number ported over to that different phone?

When my old dumb phone actually died, I remember there was a separate verification (because I had forgotten my password) they wanted before they would port my number over to the new phone (because they couldn't text me to verify I was who I was). They wanted the last date my account was charged for my cellular service. So if someone doesn't have your password or phone or a billing statement how could they pull this off? And wouldn't someone notice almost instantly that their phone was no longer active on the cellular network?
You could even do it if you are a distressed mom.

#2 their debt is insane, even for a "diverse field" company. They cannot even afford to service the debt maintenance let alone make an actual dent in the debt itself. - Internet Stranger
huzzug is online now  
post #19 of 29 (permalink) Old 07-31-2019, 08:54 PM
New to Overclock.net
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 18,114
Rep: 538 (Unique: 305)
yeppers, folks don't realize what you can accomplish with a simple phone call.

drug dealers retiring into mega money running modern scams.

R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
skupples is offline  
post #20 of 29 (permalink) Old 07-31-2019, 09:23 PM
New to Overclock.net
 
Hueristic's Avatar
 
Join Date: Jul 2008
Location: Bottom_Of_A_Bottle
Posts: 10,546
Rep: 433 (Unique: 289)
Quote: Originally Posted by speed_demon View Post
Always be extra cautious when working with and storing crypto currencies.

I myself lost a rather large amount of coins from the Mt. Gox theft and have never forgotten how easy it is for thieves to steal crypto funds. https://en.wikipedia.org/wiki/Mt._Gox

I would urge anyone with crypto coins to go beyond just keeping them in a wallet on your PC or phone as those devices are typically not secure enough. A physical or hardware wallet might be a better alternative.

https://thenextweb.com/hardfork/2018...rrency-claims/

READ this thread before starting your first build!!!
ALWAYS power up a Mobo Before installing it! Consider Less than helpful posts as Free Bumps.
devil-smiley-019.gif¡¡¡ʍʇɟ qn1ɔ uoıʇɐıɔǝɹddɐ 939 ʇǝʞɔos ǝɥʇthumbsupsmiley.pngsozo.gifRetro Rulezsozo.gif

1.
If you can't afford to lose it don't mod or OC it.
2.
At least read the ENTIRE OP before commenting.

Semper Fi


Hueristic is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off