Episode 378: Two-Factor Fraud

TechSNAP show

Summary: <p>Reddit’s two-factor procedures fail, while Google’s prevent years of attacks. We’ll look at the different approaches, and discuss the fundamental weakness of Reddit’s approach.</p> <p>Plus a Spectre attack over the network, BGP issues take out Telegram, and more!</p><p>Links:</p><ul>
<li><a title="Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak" rel="nofollow" href="https://www.theregister.co.uk/2018/08/01/bgp_route_leak_telegram_iran/">Hey, don't route the messenger! Telegram redirected through Iran by baffling BGP leak</a></li>
<li><a title="Finding and Diagnosing BGP Route Leaks" rel="nofollow" href="https://blog.thousandeyes.com/finding-and-diagnosing-bgp-route-leaks/">Finding and Diagnosing BGP Route Leaks</a></li>
<li><a title="Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts" rel="nofollow" href="https://www.upguard.com/breaches/verizon-cloud-leak">Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts</a></li>
<li><a title="New Spectre attack enables secrets to be leaked over a network" rel="nofollow" href="https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/">New Spectre attack enables secrets to be leaked over a network</a></li>
<li><a title="NetSpectre: Read Arbitrary Memory over Network" rel="nofollow" href="https://arxiv.org/abs/1807.10535">NetSpectre: Read Arbitrary Memory over Network</a></li>
<li><a title="Password breach teaches Reddit that, yes, phone-based 2FA is that bad" rel="nofollow" href="https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/">Password breach teaches Reddit that, yes, phone-based 2FA is that bad</a></li>
<li><a title="We had a security incident." rel="nofollow" href="https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/?st=JKBEHH8G&amp;sh=562ab497">We had a security incident.</a></li>
<li><a title="Google Employees Use a Physical Token as Their Second Authentication Factor" rel="nofollow" href="https://www.schneier.com/blog/archives/2018/07/google_employee.html">Google Employees Use a Physical Token as Their Second Authentication Factor</a></li>
<li><a title="Cisco is buying Duo Security for $2.35B in cash" rel="nofollow" href="https://techcrunch.com/2018/08/02/cisco-is-buying-duo-security-for-2-35b-in-cash/">Cisco is buying Duo Security for $2.35B in cash</a></li>
</ul>