My 2 cents ...
SUBJECT:
Re: [GTALUG] "AI" on getting correct technical answers
DATE:
2024-01-15 11:47
FROM:
o1bigtenor via talk <[email protected]>
TO:
GTALUG Talk <[email protected]>
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <[email protected]>
wrote:
[snip]
You don't need a cell phone number but need to have a number that will
accept SMS.
VOIP services offer numbers with SMS features.
[Steve Petrie]
My personal policy is dead simple. Any seller / provider REQUIRING me to
receive SMS doesn't get my business. If they WON'T send me a code via
email, I WON'T use their service. So far so good.
One SMS flaw I encountered, was when someone sent me an SMS message
(which I never saw because I have no SMS service subscription), and the
sender claimed they got no bounce message. If this SMS "black hole"
phenomenon exists, that's a REALLY BAD THING.
* * *
* * *
[o1bigtenor]
[snip] I am considering using voip if not for everything as voip dies
when the power does and that's a serious flaw!
[Steve Petrie]
My "land line" phone service via a (wall-mounted) Bell Canada-provided
Sagemcom HomeHub 4000 modem in my apartment, ALSO DIES WHEN THE POWER
FAILS in my apartment. Bell's recommendation is for the Sagemcom
4000-equipped subscriber to purchase their own UPS to assure Sagemcomm
4000 operational continuity. Power outages being so very rare in
Toronto, I consider it a waste of $ to buy a UPS.
Supposedly (per Bell Canada), from the fibre-side of the Sagemcom 4000
modem in my apartment, all the way to battery-backed Bell upstream
electrical-powered facilities, 100% passive fibre facilities in Bell's
pole-mounted fibre equipment, require NO ELECTRICAL POWER to operate.
[snip]
[o1bigtenor]
Hm - - - - it was some time in the first 1/2 of 2012 when a VP at
Microsoft
issued the announcement that for those that were logging in off campus
that it would be thenceforth required to use 2FA (as either SMS or
email).
[snip]
What none of these boffins seems to be aware of is that the same
individual
in early 2019 sent a similar email to the same recipients that " . . .
due to the inherent insecurity of [snip] open email systems
[Steve Petrie]
What's "insecure" about email over SMTP ?? Has always seemed rock solid
to me. If your OUTBOUND message doesn't get delivered to the recipient,
you receive a bounce notification.
My understanding is that SMTP has a tiny hole where outbound message
non-delivery does not issue a bounce report email to the sender. Never
encountered this tiny glitch myself.
As for spoofed INBOUND messages, they are always obvious by their
general nature. Hackers don't know my personal context, so they can only
send me absurdly generic email content.
IMHO -- entering a password into a web page + entering a confirmation
code sent to my email address, IS 2FA.
Is it EVEN POSSIBLE for a clever hacker to spoof my email inbox and
steal my inbound email messages ??
I suppose this would require the hacker to: (1) steal my password
protecting my email access login at my email hosting provider, or (2)
Steal my password protecting my personally-maintained DNS records at my
DNS provider, or (3) hack my email hosting provider's infrastructure, or
(4) hack my DNS provider's infrastructure.
[snip]
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list
https://gtalug.org/mailman/listinfo/talk---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
