A) discord

B) make friends with one person that does this or plays with other groups, then join them when they are playing with others

You can probably get the URL for a companies SharePoint pretty easily, but you need a login. You are able to get a PAs credentials through a phishing link etc but need the 2fa code.

You do the IT phishing attack (enter this code for me to fix your laptop being slow…), get them to enter the code and now you have access to a SharePoint instance full of confidential docs etc.

I’m not saying it’s a great attack vector, but it’s not that different to a standard phishing attack.

You could attack anything that’s using the single sign on. Attack their build infrastructure and you now have a supply chain attack against all of their customers etc.

It helps but its not enough to counter the limits of human gullibility.

It requires the bad guy to go to the page and ask the user to enter the code the bad guy gets

It’s not that different is it? You still need to get a user to share/enter a live code?

From a practical PoV - most people have their phone on them all the time. A work phone or a physical token can (and will) get forgotten, a personal phone much less.

Bad actor goes to super secret page while working on ‘fixing’ and issue for the user. They then get the 2 digit request code and ask the user to input it to ‘resolve’ the issue.

Mostly the same as any other 2fa social engineering attack I guess, but the users phone does display what the code is for on the screen which could help… But if your falling for it probably not.

They said that the option to use other authenticators were disabled by their company

The ms authenticator works in ‘reverse’ in that you type the code on the screen into the phone. I assume this is preferable to corporate as you can’t be social engineered into giving out a 2fa token. It also has a “no this wasn’t me” button to allow you to (I assume) notify IT if you are getting requests that are not you.

I don’t believe that the authenticator app gives them access to anything on your phone? (Happy to learn here) And I think android lets you make some kind of business partition if you feel the need to?

A niche subject just makes it easier to be in the top 25%

Humorous questions on the survey probably are though

You can trivially copy and ebook though, so can’t prove deletion.

huh, TIL

Dentist!?!

75/15

Everyone around me is getting fiber, but I’m on a private/unadopted road, so not for me 😭

That ‘all’ is all of the communities and posts your server knows about. You are on a pretty big (I think?) server, so it’s probably pretty good. For people on smaller servers like the one I’m on, it won’t have a lot of the smaller niche communities on there as no one from my server has ever visited them.

If I made a new community on my instance and posted stuff there, you wouldn’t see it in your ‘all’ feed unless someone from lemme.ee visited the new community first.

Not tried it, does it not work?

Are your language preferences set on your account? (open your account settings on the website rather than an app)

Or are these all posts with their language set to undefined?

More options around that in general. I would love a spoiler flag that does the same blur as NSFW but isn’t filtered out by the ‘show NSFW’ checkbox.

I guess the ‘simple’ way of doing this would be adding tags to communities like ‘art’ ‘hobbies’ ‘sport’ ‘football’ etc. This might then let the app suggest others based on the tags you are subscribed to.

It would probably still require some AI/analytics to work out the links based on user activity in different communities/tags but I think it would make it easier to group interests and promote smaller communities.

It could also improve Lemmy visibility in Masterdon if the tags are used as hashtags or something. (Would require more work)

Practical Engineering has a lot of civil engineering videos explaining how a lot of the infrastructure we rely on works/was built.

He uses a lot of well filmed practical demonstrations in his garage to explain the concepts.