How does one #unittest a #webapp that has its functionality secured using #oath and #mfa ? I'm writing a #selenium -based test suite in the #rust programming language for a web app one of my clients has me develop.

listed.to

TIL about https://listed.to/

I've been using Standard Notes for a while. It's much handier to type in your toots & posts in a nice editor, than in the puny port in the web interfaces of mastodon and other web interfaces.

I started to look for a handy solution when I began typing long posts on my Androids

  • phone interfaces suck balls when you have a tall corpus
  • touch screen keyboards suck major
  • everything is too small
  • fingers slam & flow over on other letters than touched
  • typing errors are major
  • auto correct is a must but a privacy hell (exposing everything you write to Alphabet / google)
  • It takes 10 times longer to type in a short post on an Android capacitive interface with auto correction keyboard and word suggestion enabled
  • In comes the saviour

Standard Notes is double encrypted, markdown capable, auto-synchronizes and available on all platforms you work in

  • have a browser ready with JavaScript and tls
  • Standard Notes has MFA 2FA encryption for your account
  • paid extras of the service are not needed here
  • you may enable them if you choose to have that convenience
  • I use md editors on my machines to have previews of my markdown formatted notes
  • On Linux I use the powerful ghostwriter which uses very powerful libraries
  • pandoc version 3.1.11.1
  • cmark version 0.30.2
  • multimarkdown version 1.35
  • These tools and libs make my markdown experience incredibly smooth, surpassing what Standard Notes has to offer

Today I learned about Listed when I walked down the Standard Notes preferences

  • Listed is linked to Standard Notes
  • Listed is free (as in beer)
  • You can blog your secure notes when you explicitly choose to do so
  • You have to enter your super long (64 character) password to blog a note standard remark 1
  • A key pair is generated to enable standard notes to publish that one note in your blog
  • You have to enter your password for every note you want to blog [logical since notes are per default secure and private]
  • The blogging port is timer based 60 seconds is the shortest timer
  • You have to manually update your Listed blog post
  • Listed blog posts are presented in a nice clean and fast interface on port 443
  • Listed can be configured to your own taste including your gravatar

remarks

  • Your passwords should be really long, use password managers to process them
  • make sure you have weird characters in them
  • make it a PITA to enter the passwords manually
  • use MFA 2FA everywhere you make accounts
  • There is no cloud, just somebody else's server

Sources

https://standardnotes.com/

https://standardnotes.com/privacy

https://app.standardnotes.com/

https://listed.to/

https://github.com/commonmark/cmark

https://fletcher.github.io/MultiMarkdown-6/MMD_Users_Guide.html

https://pandoc.org/

https://listed.to/@kieran/60239/goodbye-windows-11-hello-linux-mint

#network #synchronization #mathematics #technology #encryption #MFA #2FA #sync #standard #notes #listed #to #programming #blogging #opensource #ghost #writer #cmark #pandoc #mulitmarkdown #markdown

Europol just took down Tycoon 2FA — the biggest phishing-as-a-service platform (96K victims, 55K Microsoft accounts). Meanwhile, Starkiller shows AitM phishing is now a SaaS product. TOTP, push, and SMS MFA all fail. Only FIDO2 passkeys stop it.

https://iamdevbox.com/posts/aitm-phishing-starkiller-tycoon-2fa-mfa-bypass-defense/?utm_source=mastodon&utm_medium=social&utm_campaign=blog_post

#Phishing #MFA #Passkeys #FIDO2 #IdentitySecurity

AutoBait exposed: inside the AI slop factory draining ad budgets: DoubleVerify's Fraud Lab uncovered AutoBait, a 200+ domain MFA network using exposed AI prompts, costing advertisers millions in wasted impressions. https://ppc.land/autobait-exposed-inside-the-ai-slop-factory-draining-ad-budgets/ #AutoBait #AdFraud #MFA #Advertisers #DigitalMarketing

Aaaaargh, bad enough that I have to wrestle with #Microslop, but this takes the cake: Login > #MFA via authenticator app fails > "I can't use my authenticator app right now" > I get two options to choose from: a) authenticator app or one-time code from the authenticator app.

Seriously, WTF!!11!!

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

During tax season, threat actors exploit the urgency of time-sensitive tax-related emails to trick targets into opening malicious attachments, scanning QR codes, or following link chains. Recent campaigns identified by Microsoft Threat Intelligence use lures around W-2 forms, tax forms, and impersonation of government tax agencies and financial institutions. These campaigns aim to harvest credentials or deliver malware, often using phishing-as-a-service platforms for convincing credential theft and MFA bypass. Notable tactics include using legitimate remote monitoring tools, targeting specific industries and roles like accountants, and employing sophisticated social engineering techniques. The campaigns leverage various file formats, legitimate infrastructure, and multiple user interactions to complicate detection.

Pulse ID: 69bc161bd79aba8d7aaa1eed
Pulse Link: https://otx.alienvault.com/pulse/69bc161bd79aba8d7aaa1eed
Pulse Author: AlienVault
Created: 2026-03-19 15:28:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberAttack #CyberSecurity #Email #Government #ICS #InfoSec #MFA #Malware #Microsoft #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #bot #AlienVault


RMV is introducing two-factor authentication. 🎉 The OTP is sent by e-mail. 🤯 Should I be glad now that at least it didn't end up being SMS?

#fail #2fa #mfa #sicherheit #security #rmv #hessen #frankfurt

🔐 Cyber Tip: Use time-based one-time passwords (TOTP).

Add an authenticator app to your accounts for an extra layer of protection. Even if a password is stolen, the code expires in seconds.

https://zurl.co/aUoAY

#Zevonix #CyberSecurity #MFA #ITSecurity

⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. https://radar.offseq.com/threat/cve-2026-4208-cwe-639-in-typo3-extension-e-mail-mf-74236ea3 #OffSeq #TYPO3 #MFA #Vuln

Passwords alone are no longer enough to protect your accounts.

Multi-Factor Authentication (MFA) adds an extra layer of security — such as a one-time code, authenticator app, or biometric verification.

Even if a password is compromised, MFA can help prevent unauthorized access.

I’ve put together a simple guide explaining how it works and why it matters:
https://www.panstag.com/2026/03/what-is-mfa-multi-factor-authentication.html

#CyberSecurity #Privacy #MFA #InfoSec #OnlineSafety