this post was submitted on 08 Nov 2023
565 points (89.8% liked)

Technology

58303 readers
36 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The same threat actor has leaked larger amounts of data from LinkedIn dated 2023. They claim this new data contains 35M lines and is 12 GB uncompressed.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 1 year ago (2 children)

well with PGP, the header is unencrypted

Is there a single large company that even sends PGP email?

logging into example.com with the user's email and that 2fa code is going to be a breeze

Sure, IF 1. you already have the user's password, and 2. a new code wouldn't be required/the previous code invalidated when initiating a new login session?

Like, I'm not saying that 2FA codes via email is secure, but you're implying that they are making a security hole via this - which I don't see.

[–] [email protected] 5 points 1 year ago (1 children)

Pgp, the greatest program never used by anyone

[–] [email protected] 2 points 1 year ago (1 children)

I used it. For about 10 minutes. Then I read the help files. Then I searched. Then I used it some more. Then I uninstalled it.

[–] [email protected] 1 points 1 year ago

Unless you followed by installing gpg... then you failed. There are tons of uses for it, not necessarily encrypting emails (or more precisely, it kind of sucks at encrypting emails).

[–] [email protected] 1 points 1 year ago

Yeah not following the logic. 2FA via email is insecure. Doesn’t matter where in the email. That person is confused about something.