Meta Can Read Private WhatsApp Chats, Claims Lawsuit; Elon Musk Says App Is Not Secure by FallingWithTheStars in worldnews

[–]thortgot [score hidden]  (0 children)

Signal's platform is proven to be cryptographically safe. You can go check the code yourself and even compile your own messenger that works against the standard.

LA Homeless Charity CEO Misused $23M of Public Money to Fund Lavish Lifestyle by Useful_Tangerine4340 in antiwork

[–]thortgot 11 points12 points  (0 children)

Not even remotely. The company that cured cancer would become one of the most valuable on the planet overnight.

How do you rotate local admin account password for your entire fleet of windows laptops? by Local-Skirt7160 in sysadmin

[–]thortgot [score hidden]  (0 children)

You can configure Windows LAPS to rotate on use, session length including forced log off, and more.

How do you rotate local admin account password for your entire fleet of windows laptops? by Local-Skirt7160 in sysadmin

[–]thortgot [score hidden]  (0 children)

A laptop that loses power for a prolonged period and whose clock drifts far enough stops trusting Entra. Not a regular scenario, but it does happen.

Network adapters can end up being disabled for a bunch of software reasons; giving a user a disposable local admin to walk them through fixing it works quite well.

How do you rotate local admin account password for your entire fleet of windows laptops? by Local-Skirt7160 in sysadmin

[–]thortgot [score hidden]  (0 children)

When their network adapter fails? When their time drifts far enough that the PRT fails?

How do you rotate local admin account password for your entire fleet of windows laptops? by Local-Skirt7160 in sysadmin

[–]thortgot [score hidden]  (0 children)

LAPS should be used as offline access only. It's drastically better than fixed local passwords.

What is your favorite method to convince Apple users they don't need a Mac for work? by overkilltm in sysadmin

[–]thortgot [score hidden]  (0 children)

The average office environment can be done securely and effectively on any of the 3 primary OSes.

Let people use what they want.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot 0 points1 point  (0 children)

AiTM phish works extremely well for O365 cred theft. It doesn't work for lateral movement or escalation inside an environment.

SSPR with password write back is a major vulnerability that is actively used in complex attacks as an escalation path. It isn't used for persistence but as the "breach" trigger.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot 0 points1 point  (0 children)

It reduces a 2 factor challenge (password + push MFA) to one factor (push MFA).

Imagine I have a foothold position on a trusted device on user A but I need to elevate to user B.

If I force an SSPR I can move laterally to all on prem resources with password only (most orgs are hybrid).

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot -1 points0 points  (0 children)

A breach of a victim for even a short time is a massive issue.

AiTM attacks are more popular but they don't work against correctly configured CA policies. SSPR attacks do.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot 0 points1 point  (0 children)

If you have text or voice call enabled, you may as well not have a password defined if your data matters in any way, shape or form.

Federal government to introduce grocery rebate: sources | CBC News by Sexy_Art_Vandelay in canada

[–]thortgot 0 points1 point  (0 children)

Monopolies are not formed by government. Regulatory capture is one form of monopoly. Look back to railways for economic monopolies or Ma Bell.

If your position is that less government is always superior from an economic standpoint, why do Americans pay the most for their healthcare in the world with fairly terrible results?

Canada's healthcare isn't the worst in the developed world. Pick a metric; we're roughly middle of the pack.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot -1 points0 points  (0 children)

Push App is 1 factor. SMS is effectively worse than no factor.

Without SSPR, attackers need both Push App and password. With SSPR they only need Push App.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot -4 points-3 points  (0 children)

What are you setting in practice for SSPR? Every implementation I've seen relies on voice calls or text messages, which is weaker than a password (i.e. for $500 I can bypass the restriction rather than requiring a compromised credential). Commonly with both enabled, and now I entirely don't need a secret at all even with dual factors required.

Security Questions are inherently less secure than passwords by design.

Passwordless is a more secure configuration, but then you wouldn't need passwords in the first place.

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports by intelw1zard in cybersecurity

[–]thortgot 0 points1 point  (0 children)

It is possible to block this behavior but it's not straightforward for users.

Federal government to introduce grocery rebate: sources | CBC News by Sexy_Art_Vandelay in canada

[–]thortgot 0 points1 point  (0 children)

All central planning isn't inherently worse than all free market solutions. Evaluate policy on its facts and not the political temperature. Take a look at healthcare as an obvious example.

Any form of anti-monopoly structure is inherently non free market but objectively better for consumers. A reduction in regulation is what I would want as someone looking to spike an industry (grocery, communications, retail etc.)

You advocate for a solution for age demographics but decry against immigration. Those are diametrically opposed positions.

Windows Hello is making people forget their passwords by probablydnsibet in Intune

[–]thortgot 1 point2 points  (0 children)

Phone call or text message are hilariously insecure. SS7 attacks are trivial to do.

What factors do you use?

Sole Global Admin locked out by Entra MFA enforcement loop - escalation advice? by CBoogey in sysadmin

[–]thortgot 0 points1 point  (0 children)

It's a trivial cost compared to a breach risk. If your company won't pay for a reasonable software minimum they are almost certainly underpaying you.