Post ASpH8vMfWyNNEmHAG0 by pauliehedron@infosec.exchange
(DIR) Post #ASoUhaGJ5PLWAcCIpU by jerry@infosec.exchange
2023-02-18T19:18:24Z
0 likes, 0 repeats
I decided to cross the two incredibly annoying streams and asked chatgpt about twitter sms 2FA:

Q: Was it a good idea for twitter to make sms two factor authentication a paid feature?

A: Twitter's decision to make SMS-based two-factor authentication (2FA) a paid feature is a matter of debate. Twitter announced the change in 2019, stating that they were making the move to encourage users to switch to more secure methods of 2FA, such as using an authentication app.

While SMS-based 2FA is better than no 2FA at all, it has been shown to have some vulnerabilities. For example, SMS messages can be intercepted by attackers, and SIM swapping attacks can be used to bypass SMS-based 2FA.

By making SMS-based 2FA a paid feature, Twitter is likely hoping to encourage users to switch to more secure methods of 2FA, which will ultimately help to protect their accounts better. However, this move may also make it more difficult for some users, particularly those in developing countries, to access 2FA, which could have negative consequences.

In general, it is recommended that users switch to more secure 2FA methods, such as an authentication app or security key, as these are generally more secure than SMS-based 2FA. However, it is important for platforms to consider the needs and limitations of all of their users, and to provide alternative, accessible 2FA methods for those who cannot afford to pay or who lack the technical expertise to use more secure methods.
(DIR) Post #ASoUhaoL2sZHsA7TsG by feld@bikeshed.party
2023-02-18T19:20:45.982756Z
0 likes, 0 repeats
I wonder how much money SMS from bot accounts was costing them
(DIR) Post #ASoV9WCzkZoxhty784 by jerry@infosec.exchange
2023-02-18T19:24:14Z
0 likes, 0 repeats
@feld Twilio’s stated rate is $0.0079 per sms message. So, figure 80% volume discount gives $0.00158 per sms. If 100,000,000 bot accounts each generated 1 sms message in a month, that is $158,000.
(DIR) Post #ASoV9WmRcmB3TqYQNs by feld@bikeshed.party
2023-02-18T19:25:54.220718Z
0 likes, 0 repeats
is that international rate?
(DIR) Post #ASpElpp1lw7FTjP2Ho by pauliehedron@infosec.exchange
2023-02-18T19:27:19Z
0 likes, 0 repeats
@feld @jerry So like a tenth of a percent of the billion dollar loan repayment payment.
(DIR) Post #ASpElqSjOJsJSrykAi by feld@bikeshed.party
2023-02-19T03:57:02.816607Z
1 likes, 0 repeats
It's $60M a year
(DIR) Post #ASpEvWxIlwq1rQtd7g by coolboymew@shitposter.club
2023-02-19T03:59:01.863762Z
0 likes, 0 repeats
@feld @jerry @pauliehedron "of fake 2FA messages"?
(DIR) Post #ASpF19nnlhbnn28TGi by coolboymew@shitposter.club
2023-02-19T04:00:07.707980Z
0 likes, 0 repeats
@feld @jerry @pauliehedron also, lol, yeah, for 60m $ a year couldn't they just basically have their own telecom company just for sending sms and it would be cheaper lmao?
(DIR) Post #ASpGjPHffWNiV9lppY by feld@bikeshed.party
2023-02-19T04:19:01.788886Z
1 likes, 0 repeats
P much
(DIR) Post #ASpH8vMfWyNNEmHAG0 by pauliehedron@infosec.exchange
2023-02-19T04:21:11Z
0 likes, 0 repeats
@feld @jerry $60M in fake, what's the legit numbers then? Because if that's just the fakes, it's like 1200 SMS per second over the entire year!
(DIR) Post #ASpH8vvPRoAIyWWuPI by feld@bikeshed.party
2023-02-19T04:23:41.355978Z
0 likes, 0 repeats
There's also this thing besides the SMS rate
(DIR) Post #ASpILvZu9FubcOEOTA by pauliehedron@infosec.exchange
2023-02-19T04:29:03Z
0 likes, 0 repeats
@feld @jerry Twit not using someone else's auth service, they have their own.
(DIR) Post #ASpIMMWdxULXC5ufdQ by feld@bikeshed.party
2023-02-19T04:37:10.357864Z
0 likes, 0 repeats
Twilio runs Twitter's internal VOIP system. You think it isn't plausible Twitter is paying Twilio to run a branded version of their verification service for them as well?

Seems logical to me anyway. Once you have a vendor in the door like that it gets easier to leverage them elsewhere