A new tool has been released which implements MitM attacks against 2FA, including ProtonMail.
Forewarned is unflatlined, folks.
@drwho eh we all knew this was coming at some point.
@rysiek Yup. Sooner rather than later.
@drwho I am interested in why U2F is not vulnerable. I guess I will need to dive into the specs.
@drwho I mean unless we're talking about 30s time-based codes. U2F is a single-use code if I am correct. But then, so are SMS codes, usually.
@drwho "Modlishka is inefficient against U2F-based schemes that rely on hardware security keys."
ProtonMail needs to support U2F!
nothing is safe.
@drwho "Duszyński said that while his tool can automate the process of a phishing site passing through 2FA checks based on SMS and one-time codes, Modlishka is inefficient against U2F-based schemes that rely on hardware security keys."
small comfort i guess?
@drwho This has been happening via email for some time now.
This is why Google keeps changing their sign-in page every few months.