If I have to pick just one, the dumbest thing Hacker News believes about security is that phishing is a simplistic attack that only unsophisticated users fall for.
Oh, you're assuming there is fakebankpage.php server code that is attempting realbankpage.html passthrough login at the actual time of form submission? Possible, unless the login form is captcha'ed.
Attacker can just proxy whatever captcha necessary to you. Only real solution is U2F. This is a favourite argument of mine; I think SMS 2FA is worthless and needs to die.

Have done this personally many times. Phishme.php asks for creds as well as 2FA token. While campaign is active I sit drooling over HTTP logs and quickly log in manually with user's creds and valid 2FA token.
Royce, you should just write a script that scans the logs for you and pushes a prompt to your screen with the 2FA.
The backend server could also create a session in the background and keep making requests to it to keep it alive for a longer period of time.