Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Life is a whim of several billion cells to be you for a while.

computers / misc.phone.mobile.iphone / How to Safeguard Against iPhone Password Reset Attacks

SubjectAuthor
* How to Safeguard Against iPhone Password Reset AttacksGelato
`- Re: How to Safeguard Against iPhone Password Reset AttacksAlan Browne

1
How to Safeguard Against iPhone Password Reset Attacks

<v0b6nt$gbt$1@rasp.pasdenom.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13022&group=misc.phone.mobile.iphone#13022

  copy link   Newsgroups: alt.privacy misc.phone.mobile.iphone
Path: i2pn2.org!i2pn.org!news.niel.me!pasdenom.info!.POSTED.public-nat-07.vpngate.v4.open.ad.jp!not-for-mail
From: gel...@.is.invalid (Gelato)
Newsgroups: alt.privacy,misc.phone.mobile.iphone
Subject: How to Safeguard Against iPhone Password Reset Attacks
Date: Wed, 24 Apr 2024 10:59:10 -0400
Organization: <http://pasdenom.info/news.html>
Message-ID: <v0b6nt$gbt$1@rasp.pasdenom.info>
Injection-Date: Wed, 24 Apr 2024 14:59:10 -0000 (UTC)
Injection-Info: rasp.pasdenom.info; posting-account="gelatiamenta@usenet"; posting-host="public-nat-07.vpngate.v4.open.ad.jp:219.100.37.239";
logging-data="16765"; mail-complaints-to="abuse@pasdenom.info"
User-Agent: tin/2.4.5-20201224 ("Glen Albyn") (Linux/5.10.19-200.fc33.x86_64 (x86_64))
Cancel-Lock: sha1:WToDj1uPbjV4bOQMY7AN6v7TM7E= sha256:TmtV19I2mwc0spOaAe6S8lAx8Ao03FsGKotQCkOM2GY=
sha1:VULaaBpszRBknn/fP2798zix1IY= sha256:MczmrU4HUC05RunccIlvCai5xiJ0XPouNlPG7dhlFR8=
 by: Gelato - Wed, 24 Apr 2024 14:59 UTC

How to Safeguard Against iPhone Password Reset Attacks

There's been a concerning trend in iPhone security lately: the increase in
iPhone password reset attacks, also called "MFA bombing." This sneaky
tactic floods users with iOS prompts through the Apple ID password reset
system, attempting to gain control of their accounts. As a result, Apple
users should enhance their defenses against these deceptive schemes.

MFA bombing, also known as MFA fatigue or push bombing, involves
overwhelming victims with numerous official iOS password reset prompts.
According to Krebs on Security, malicious actors exploit this vulnerability
by sending over a hundred multi-factor authentication (MFA) prompts to the
victim's iPhone and other Apple devices using their phone number, forcing
them to reset their Apple ID password.

Despite Apple's efforts to address the issue, occasional attacks still
occur, highlighting the persistent risk. Personal anecdotes, such as
encountering password reset prompts on iPhones and Macs, demonstrate the
prevalence of this threat.

Here are steps to protect yourself from iPhone password reset attacks:

Say no to password resets.
Always choose "Don't Allow" when facing official-looking reset requests to
thwart attackers.

Be careful with incoming calls.
Given the rise in call spoofing, avoid sharing personal information or
one-time codes over the phone to protect against scammers. If uncertain,
refrain from answering and contact Apple through trusted channels.

Change your phone number if needed.
If you're continuously receiving prompts, think about temporarily changing
the phone number connected to your Apple ID. Keep in mind that this could
impact iMessage and FaceTime functionalities.

https://www.bolnews.com/latest/2024/04/how-to-safeguard-against-iphone-password-reset-attacks/

Re: How to Safeguard Against iPhone Password Reset Attacks

<JIeWN.1777$paNb.1257@fx33.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=13045&group=misc.phone.mobile.iphone#13045

  copy link   Newsgroups: misc.phone.mobile.iphone
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx33.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: How to Safeguard Against iPhone Password Reset Attacks
Content-Language: en-US
Newsgroups: misc.phone.mobile.iphone
References: <v0b6nt$gbt$1@rasp.pasdenom.info>
From: bitbuc...@blackhole.com (Alan Browne)
In-Reply-To: <v0b6nt$gbt$1@rasp.pasdenom.info>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 21
Message-ID: <JIeWN.1777$paNb.1257@fx33.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Wed, 24 Apr 2024 21:20:41 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Wed, 24 Apr 2024 17:20:41 -0400
X-Received-Bytes: 1622
 by: Alan Browne - Wed, 24 Apr 2024 21:20 UTC

On 2024-04-24 10:59, Gelato wrote:
> How to Safeguard Against iPhone Password Reset Attacks
>
> There's been a concerning trend in iPhone security lately: the increase in
> iPhone password reset attacks, also called "MFA bombing." This sneaky
> tactic floods users with iOS prompts through the Apple ID password reset
> system, attempting to gain control of their accounts. As a result, Apple
> users should enhance their defenses against these deceptive schemes.
>
> MFA bombing, also known as MFA fatigue or push bombing, involves
> overwhelming victims with numerous official iOS password reset prompts.

This is a bit stale as an issue.
Other than breezy media announcements I've not heard of anyone actually
struck by this attack.

--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor