  2. 2

    Here is the talk from Engel (it is really interesting): https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271715_-_ss7_locate_track_manipulate_-_tobias_engel

    “Private” networks that do not employ encryption and validation need to stop.

    Here is another example with the travel agencies' networks: https://media.ccc.de/v/33c3-7964-where_in_the_world_is_carmen_sandiego

    1. 1

      2FA is mostly security theatre [0], and 2FA that uses SMS is most definitely just masquerading as security theatre in 2017.

      Even NIST updated their guidelines [1] last year to discourage using public switched telephone networks (PSTN) to deliver multi-factor authentication tokens:

      Note: Out-of-band authentication using the PSTN (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.

      [0] The Failure of Two-Factor Authentication by Bruce Schneier

      [1] https://pages.nist.gov/800-63-3/sp800-63b.html