On 2020-01-27 at 01:42 +, John Levine via mailop wrote:
> In article <1580084583.939.2.ca...@16bits.net>,
> Ángel via mailop wrote:
> >> I like TOTP codes because you can install the keys into multiple
> apps ...
>
> >Not supported by Google, though.
>
> The gmail app on my phone would be su
On Mon, Jan 27, 2020 at 3:19 AM Alessandro Vesely via mailop <
mailop@mailop.org> wrote:
> On 27/01/2020 08:03, Brandon Long via mailop wrote:
> >
> > The other end of this, what do you do when someone presents the right
> > password to log in, is it a hijacking or not? What happens is a risk
> >
On 26 Jan 2020, at 16:23, Ángel via mailop wrote:
I like them as 2FA solution, too. Simple, standard, offline, vendor
neutral, not vulnerable to MITM...
Ahem. If the attacker manages to position themself in between your
session, they get a chance at your TOTP. Same attack scenario as with
On Mon, Jan 27, 2020 at 12:06 AM Andrew C Aitchison
wrote:
>
> That is pretty much what I thought, and I agree that this all is good to
> do.
>
> I accept that in reality professional bad-guys are the biggest risk, but
> in my paranoia I am more afraid of what happens if my phone slips out of
> m
On 27/01/2020 08:03, Brandon Long via mailop wrote:
>
> The other end of this, what do you do when someone presents the right
> password to log in, is it a hijacking or not? What happens is a risk
> assessment of the login, is it from the usual location? Usual country?
> Usual device type? Is i
Dnia 26.01.2020 o godz. 23:03:35 Brandon Long via mailop pisze:
>
> Passwords are terrible and completely broken. They are generally poorly
> chosen,
> weak, and re-used. The result is extreme levels of hijacking. On top of
> that, people
> forget their passwords and this isn't something like
That is pretty much what I thought, and I agree that this all is good to do.
I accept that in reality professional bad-guys are the biggest risk, but
in my paranoia I am more afraid of what happens if my phone slips out of
my pocket in a public place.
Assuming the person who picks it up can unlo
On Sun, Jan 26, 2020 at 10:35 AM Andrew C Aitchison via mailop <
mailop@mailop.org> wrote:
> On Sun, 26 Jan 2020, Jaroslaw Rafa via mailop wrote:
>
> > Similar thing happened to me recently when I wanted to re-login to one of
> > those test accounts from my home computer, but I installed a new bro
In article <1580084583.939.2.ca...@16bits.net>,
Ángel via mailop wrote:
>> I like TOTP codes because you can install the keys into multiple apps ...
>Not supported by Google, though.
The gmail app on my phone would be surprised to hear that, since I've
been logging in with TOTP codes for years.
On 2020-01-26 at 19:30 +, John Levine via mailop wrote:
> In article ,
> Andrew C Aitchison via mailop wrote:
> >I have lost enough physical keys over the years to worry about what
> >happens if I lose my phone (which does not have a finger print reader) ...
>
> I like TOTP codes because you
In article ,
Andrew C Aitchison via mailop wrote:
>I have lost enough physical keys over the years to worry about what
>happens if I lose my phone (which does not have a finger print reader) ...
I like TOTP codes because you can install the keys into multiple apps
on multiple devices, and since t
On 2020-01-26 11:32 a.m., Andrew C Aitchison via mailop wrote:
On Sun, 26 Jan 2020, Jaroslaw Rafa via mailop wrote:
Similar thing happened to me recently when I wanted to re-login to
one of
those test accounts from my home computer, but I installed a new browser
which was not yet used with tha
On Sun, 26 Jan 2020, Jaroslaw Rafa via mailop wrote:
Similar thing happened to me recently when I wanted to re-login to one of
those test accounts from my home computer, but I installed a new browser
which was not yet used with that account. Usually there are no problems in
such a case, but my h
Dnia 26.01.2020 o godz. 02:30:57 Ángel via mailop pisze:
> The safest way to avoid this dance seems to be not to provide
> any phone at all (or one for every user, perhaps, which is also
> suboptimal).
Not providing a phone number at all also doesn't help sometimes.
As I have already written, whe
On 2020-01-23 at 11:44 -0700, Raymond Burkholder via mailop wrote:
> I went to log into Youtube, and Google says my device is unknown, and
> wants to send a confirming text to a telephone number I no longer
> have.
>
> The email confirmation methods all work, and validate my account. Yet
> Googl
In article <20200123185907.ga4...@rafa.eu.org> you write:
>Dnia 22.01.2020 o godz. 23:31:13 John Levine via mailop pisze:
>> At some point I give up and hit the spam button.
>
>And thus you are training Google's AI to treat completely legit (only
>misdirected) messages as spam.
If they keep sendin
Michael Peddemors:
> Really wish there was a verifiable way to see that it was a 'Double Optin/
> COI' email..
Has anybody investigated that area?
I think the recipient's ISP would have to get involved with the signup and
unsubscribe process and keep track of which lists the user is signed up
message (this time to the correct address), it will end up in the
recipient's spam folder, without them knowing why.
Don't do it to them. Just delete those messages, don't put them to spam.
I disagree. If the sender wants eyeballs to see their emails, they need
some incentive to put in place the
>> Dnia 22.01.2020 o godz. 23:31:13 John Levine via mailop pisze:
>>> At some point I give up and hit the spam button.
>>
>> And thus you are training Google's AI to treat completely legit (only
>> misdirected) messages as spam.
>> Maybe one day these senders will find out that when they send anoth
> Dnia 22.01.2020 o godz. 23:31:13 John Levine via mailop pisze:
>> At some point I give up and hit the spam button.
>
> And thus you are training Google's AI to treat completely legit (only
> misdirected) messages as spam.
> Maybe one day these senders will find out that when they send another
> m
I often speak on this topic to ISP's, and I remind them, never argue
with your customer on what is spam, and what isn't spam..
Sure, block/mark the 99% that is pretty obvious and fits everyone's
definition of spam, by let your USERS decide on the fringe cases..
"If a message is in the spam fo
Dnia 23.01.2020 o godz. 13:39:33 Anne P. Mitchell, Esq. via mailop pisze:
>
> > "Spam is whatever my users say it is."
>
> And, delightfully, even CAN-SPAM says (essentially) that spam is whatever
> ISPs say it is.
And I would agree with that. But i would treat the term "ISP" *very
strictly*. T
Dnia 23.01.2020 o godz. 19:28:03 Andrew Wingle via mailop pisze:
>
> I can't recall the exact quote but a key rule is basically this;
>
> "Spam is whatever my users say it is."
> -Various Sources
Does work only when there is a small and somewhat homogenous community of
users, who have sim
> I can't recall the exact quote but a key rule is basically this;
>
> "Spam is whatever my users say it is."
And, delightfully, even CAN-SPAM says (essentially) that spam is whatever ISPs
say it is.
Anne
---
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San
Jos
While most of the misdirected email I get is just a nuisance, just last week a
lawyer at a law firm in California, with whom I have no connection, emailed
documents in a case, with which I have no connection, to opposing counsel, with
whom I have no connection (are you a detecting a theme here?
pam is whatever my users say it is."
-Various Sources
Andrew Wingle
-Original Message-
From: mailop On Behalf Of Jaroslaw Rafa via mailop
Sent: Thursday, January 23, 2020 1:59 PM
To: John Levine
Cc: bl...@google.com; mailop@mailop.org
Subject: Re: [mailop] [FEEDBACK] whose address, was
Dnia 22.01.2020 o godz. 23:31:13 John Levine via mailop pisze:
> At some point I give up and hit the spam button.
And thus you are training Google's AI to treat completely legit (only
misdirected) messages as spam.
Maybe one day these senders will find out that when they send another
message (this
On 2020-01-23 11:17 a.m., Cal Frye via mailop wrote:
Once a gentleman on the west coast used my gmail address as his iTunes
account email. Not sure what was in his head, but he insisted that would
work just fine, and wouldn't fix it (for a couple of weeks). So I
changed his iTunes password and
Once a gentleman on the west coast used my gmail address as his iTunes
account email. Not sure what was in his head, but he insisted that would
work just fine, and wouldn't fix it (for a couple of weeks). So I
changed his iTunes password and locked his phone. Problem got resolved
very quickly a
In article
you write:
>This type of thing is depressingly common for addresses that are common
>names and such at the major providers. ...
No kidding. You would not believe (well, you, Brandom sure would) how
many people with names similar to mine believe that my address
john.lev...@gmail.com i
30 matches
Mail list logo
