The best Hacker News stories from All from the past day

from

All Show

from the past*

day week month

with these search terms:

Create follow Go back

Latest posts:

TC Energy scraps Keystone XL pipeline project after Biden revokes key permit

Vivaldi 4.0

Tell HN: SMS-based two-factor authentication is not secure

SMS-based Two-Factor Authentication is not Secure. I’ve read this before but brushed it off. It wouldn’t happen to me. It did.<p>I am with Boost Mobile. On Sunday night I received a text message that my PIN was changed. Within minutes I confirmed this to be true on my PC. I used the Boost application on my phone to change the PIN and received a confirmation text.<p>A few minute later I received a text message welcoming me to Metro PCS.<p>A few minute later I received emails to my business email that my account security information was deleted from my person email account. They used SMS authentication to my mobile number, that they now have control of to gain access.<p>A few minutes later I received an email there was an account recovery attempt on my coinbase.com account.<p>It took less than 30 minutes for these events to transpire.<p>I've spent about 15 hours trying to get my phone number and my email address back to my control.<p>I've accumulated a list of eight other people in the Boost Mobile Reddit.com forum where the exact same thing happened to them.<p>I filed a police report and filed a report with the FCC. I received a response from the FCC that they have started the inquiry and contacted Boost.<p>I finally did get my cell phone number ported back to Boost. I have not gained control of my Microsoft email address.<p>I didn’t realize I could only have messages of 2,000 characters. So I will wrap this up.<p>When account settings were changed, Coinbase gave me a link to lock my account, Microsoft gave me a link to log in to my account, which I no longer have control of.<p>Unlike competitors, which allow pins from 6 to 15 characters and for accounts to be administrative locked, Boost offers none of these options. The last Boost operator suggested I pick a more secure PIN.<p>I am calculating my losses and documenting all interactions.

Facebook extends its work-at-home policy to most employees

Facebook extends its work-at-home policy to most employees

El Salvador makes Bitcoin legal tender

If you sell a house these days, the buyer might be a pension fund

Bosch opens German chip plant

Bosch opens German chip plant

Terraform 1.0

A Project of One’s Own

A Project of One’s Own

Althttpd: Simple webserver in a single C file

Ohio sues Google, seeks to declare the internet company a public utility

Ohio sues Google, seeks to declare the internet company a public utility

IRS records reveal how the wealthiest avoid income tax

Fastly Outage

“AI promised to revolutionize radiology but so far its failing”

Apple pays out millions to student after repair techs shared her personal images

Farmers Deserve the Right to Repair Their Tractors