this post was submitted on 12 May 2024
17 points (94.7% liked)

[–] [email protected] 2 points 6 months ago (1 children)

Correct, MFA ain’t enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country. You might even find that, dealing with the courts, the mandate IS on prem.

But I’ve had clients/customers/whatever click on links and have their auth token stolen from the browser, allowing an attacker to come in totally bypassing MFA. I’ve also had customers have their phone number ported away to steal the SMS auth. Shit is scary.

[–] [email protected] 2 points 6 months ago (1 children)

Pretty sure the court is mandated to be on prem if I recall from the interview. Browser stuff can be mitigated to a degree, but how the fuck do you stop number porting and SIM cloning?

[–] [email protected] 2 points 6 months ago

So MS are dropping SMS auth totally. MFA requires an app, or it will. It's a VERY slow rollout.