Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

(null cookie; hope that's ok)

computers / misc.phone.mobile.iphone / Re: phony password reset issue

SubjectAuthor
* phony password reset issue*Hemidactylus*
`- Re: phony password reset issueAlan Browne

1
phony password reset issue

<dkWdnSBx39pvC5j7nZ2dnZfqnPqdnZ2d@giganews.com>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=13211&group=misc.phone.mobile.iphone#13211

  copy link   Newsgroups: misc.phone.mobile.iphone
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!newsfeed.hasname.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!69.80.99.22.MISMATCH!Xl.tags.giganews.com!local-2.nntp.ord.giganews.com!news.giganews.com.POSTED!not-for-mail
NNTP-Posting-Date: Thu, 28 Mar 2024 16:12:34 +0000
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:O309nFECNS/s0WOhB/SdHgufosY=
Newsgroups: misc.phone.mobile.iphone
Subject: phony password reset issue
Content-Type: text/plain; charset=UTF-8
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
From: ecphoric@allspamis.invalid (*Hemidactylus*)
Message-ID: <dkWdnSBx39pvC5j7nZ2dnZfqnPqdnZ2d@giganews.com>
Date: Thu, 28 Mar 2024 16:12:34 +0000
Lines: 19
X-Usenet-Provider: http://www.giganews.com
X-Trace: sv3-XLeIsiTIXdpd0WoQHPywZ6LtNgKe1FaWviyKzgVCT/gsPZfLlAZatvgZW97gfbWNcMFpRFALQTOW3Ow!WFDX/oqt1oQg/HNtqzt/JpPVUuBRHEteCe/7zePMwDyy43DdE/xil8V/NTVjwSfp2vOK4FILdRI=
X-Complaints-To: abuse@giganews.com
X-DMCA-Notifications: http://www.giganews.com/info/dmca.html
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
 by: *Hemidactylus* - Thu, 28 Mar 2024 16:12 UTC

https://www.theregister.com/AMP/2024/03/27/apple_passcode_attack/

“Apple device owners, consider yourselves warned: a targeted multi-factor
authentication bombing campaign is under way, with the goal of exhausting
iUsers into allowing an unwanted password reset.”

https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

“Several Apple customers recently reported being targeted in elaborate
phishing attacks that involve what appears to be a bug in Apple’s password
reset feature. In this scenario, a target’s Apple devices are forced to
display dozens of system-level prompts that prevent the devices from being
used until the recipient responds “Allow” or “Don’t Allow” to each prompt.
Assuming the user manages not to fat-finger the wrong button on the
umpteenth password reset request, the scammers will then call the victim
while spoofing Apple support in the caller ID, saying the user’s account is
under attack and that Apple support needs to “verify” a one-time code.”

Re: phony password reset issue

<kkmNN.600432$c3Ea.162563@fx10.iad>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=13223&group=misc.phone.mobile.iphone#13223

  copy link   Newsgroups: misc.phone.mobile.iphone
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx10.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: phony password reset issue
Content-Language: en-US
Newsgroups: misc.phone.mobile.iphone
References: <dkWdnSBx39pvC5j7nZ2dnZfqnPqdnZ2d@giganews.com>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <dkWdnSBx39pvC5j7nZ2dnZfqnPqdnZ2d@giganews.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 27
Message-ID: <kkmNN.600432$c3Ea.162563@fx10.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Thu, 28 Mar 2024 22:39:12 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Thu, 28 Mar 2024 18:39:12 -0400
X-Received-Bytes: 2115
 by: Alan Browne - Thu, 28 Mar 2024 22:39 UTC

On 2024-03-28 12:12, *Hemidactylus* wrote:
> https://www.theregister.com/AMP/2024/03/27/apple_passcode_attack/
>
> “Apple device owners, consider yourselves warned: a targeted multi-factor
> authentication bombing campaign is under way, with the goal of exhausting
> iUsers into allowing an unwanted password reset.”
>
> https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
>
> “Several Apple customers recently reported being targeted in elaborate
> phishing attacks that involve what appears to be a bug in Apple’s password
> reset feature. In this scenario, a target’s Apple devices are forced to
> display dozens of system-level prompts that prevent the devices from being
> used until the recipient responds “Allow” or “Don’t Allow” to each prompt.
> Assuming the user manages not to fat-finger the wrong button on the
> umpteenth password reset request, the scammers will then call the victim
> while spoofing Apple support in the caller ID, saying the user’s account is
> under attack and that Apple support needs to “verify” a one-time code.”

That's an interesting attack profile. Hopefully Apple come up with some
way to dilute it to non-effect.

--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor