If you depend on a third party to handle your IoT device you just own a pricy brick. They can stop at any time, they can change what is supported, they can change the price. It won't change as there is no money in making devices we can run under local control.

https://www.engadget.com/amazon-will-start-charging-for-formerly-free-alexa-guard-smoke-and-security-alerts-184602106.html

This is a terrifying and sobering write-up by Retool on so many levels. It's about about a recent spear-phishing via SMS attack on employees, followed by voice phishing attack that deepfaked an employee's voice.

Retool said just one of its employees fell for it, which is of course all it takes. Here's the scary part:

"The voice was familiar with the floor plan of the office, coworkers, and internal processes of the company. Throughout the conversation, the employee grew more and more suspicious, but unfortunately did provide the attacker one additional multi-factor authentication (MFA) code.

The additional OTP token shared over the call was critical, because it allowed the attacker to add their own personal device to the employee’s Okta account, which allowed them to produce their own Okta MFA from that point forward. This enabled them to have an active GSuite session on that device. Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud. As Hacker News noted, this is highly insecure, since if your Google account is compromised, so now are your MFA codes.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option. In our corporate Google account, there is also no way for an administrator to centrally disable Google Authenticator’s sync “feature”. We will get more into this later."

https://retool.com/blog/mfa-isnt-mfa/

Thorn sucks and Ashton Kutcher sucks, but now they will suck separately.

https://time.com/6314436/ashton-kutcher-steps-down-thorn-danny-masterson/

"Some of our writers said that when we met alien civilisations," the human envoy said, "we would be weak in comparison."

"We read some of those," the alien ambassador said.

"Others said we'd be space orcs."

"Indeed. None were correct."

"What are we?"

"Great storytellers."

#MicroFiction #TootFic #SmallStories

About that much heralded herd immunity..

'Researchers at McMaster University have found that rather than conferring immunity against future infections, infection during the first Omicron wave of COVID left the seniors they studied much more vulnerable to reinfection during the second Omicron wave.

#Covid #Covid19

https://www.news-medical.net/news/20230821/Omicron-infection-may-increase-risk-of-reinfection-study-finds.aspx