undefined | Better HN

0 pointsmym19904y ago0 comments

No real reason to point the finger at people at Verizon and ATT are more fallible than others. Almost anyone can fall for social engineering if done right/often enough. I know you probably think you're too smart to be fooled like that, but that's exactly how you'll fall to a scam.

0 comments

2 comments · 1 top-level

Jerrrry4y ago· 1 in thread

The people Verizon/ATT are more fallible, because of the implicit risk/threat model that is imposed on us by duopolistic infrastructure.

They have vastly more power without the required training.

This asymmetry makes them larger targets, and therefore, more fallible.

ATT/Verizon employees are the weakest link in almost all threat models, including our national one.

I don't think I am personally infallible; and I am/used to be the reason you have to take cyber, social engineer, and spear attack trainings every year.

It is because I know the true weakest links (humans with unrelegated access) that compel me to remind others:

do not use SMS for 2FA.

There are other ways of getting the nonce/temporal secret to the end-user without pitting the security to a overworked 27 year old druggy CSR in upstate new york.

mym1990OP4y ago

Eh to be honest your whole argument fell apart as I read the last few words. Hope you change your outlook on the world, for your own good.

j / k navigate · click thread line to collapse