Hacker News new | past | comments | ask | show | jobs | submit login

[flagged]



You clearly don't understand how SE can be used even if Yubikey or WebAuthn are used here.

Perhaps you'd like to explain instead of insult someone you know nothing about (which violates HN guidelines).


I mean, "social engineering" is pretty broad; saying MFA can't stop social engineering is like saying password managers can't stop hacking, or HTTPS can't stop spying. I mean, sure... but Webauthn would have in fact stopped this type of social engineering attack (which was a fake login page). And scanning internal networks for hardcoded secrets would have stopped this type of privilege escalation afterwards.

Security is never absolute, but we're not talking about a nation-state/APT attack here; current reports seem to indicate this was a bored 18 year old acting alone.


I get what you are saying now. Agree if the right actors are on it, all those doesn’t matter. Sorry about that.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: