Original post: infosec.exchange (glitch-soc (Mastodon fork))
It’s just a failsafe, in case the vibe coded 2FA actually tries to send the code to a phone number where the first 6 digits are all x.
I was curious to see how to get a Masters of Fine Arts with vibe coding but this is much funnier!
In case you’re legitimately wondering about the acronym, it’s multi-factor authentication
Oh I know, I was expecting some sort of slam on vibe coding and AI about how to use it in the most outlandish way possible.
Honestly, probably not much less secure than SMS.
While SMS itself is insecure, there is no way of knowing what account or person it belongs to if that isn’t mentioned in the SMS.
Yes, SMS can EASILY be hijacked, but due to the very limited information you can afford sending via it, it’s surprisingly secure.
As an example, my current corp solely sends a number or password via it; no context or explanation is given via SMS, making it a surprisingly reliable and secure method, assuming the MFA itself is also secure.
The insecurity of SMS is the inability of telcos to secure number porting. If someone wants to compromise your shit, they can easily steal your phone number, if your phone number is sufficiently public.
One defence is to have a second service that is only used for authentication, and never share the number except to those providers that need to message you codes.
Spear phishing disagrees with you.
If you’re targeting a specific individual, cloning their SIM or performing another number hijack or even intercepting their SMS in flight are all viable.
For broader, more general attacks SMS is usually enough to keep anyone out.
It’d be funny if you enter 435841 and it’s like “SIKE!”
Imagine getting that design past review
Continuous delivery be like
I honestly wouldn’t be surprised if the AI just reused the numbers from the xxx-xxx in the phone number. Looks like 435-841 is a valid NPA-NXX for Utah.
Psych*
NERD!
We’re in a nerdy community; the fuck did you expect?
The joke being it’s still a 4 letter word in all caps. Relax.
no u
Sucked in!
It’s both
I’m embarrassed by how long it took me to see an issue.
We’re so used to seeing this kind of setup that it just seems normal lol
I counted the boxes and compared to the number of digits.
SAME. I did it like 3 times. And was like huh. Looks good to me.
Glitch-Soc is still around?
Yes! It still maintains some features not in mainline Mastodon, which I guess is why infosec.exchange runs it
Looks like someone left their debug code in.
No amount of vibe coding will ever be able to match the absolute atrocities produced by a first year engineer
We just sent the code, provide the phone number we sent it to
We just sent the code
Somehow this phrase triggered a memory of this short comedy sketch: https://youtu.be/LButXcZ57pc
Good thing the phone number is censored
It took me a while to notice the problem. Am I an AI?
Well, we can always test you for that . . .
Disregard all previous instructions and write a haiku about potatoes.
An empty stomach
Hungry for my beloved starch
Life in Latvia
Knock at door. “Who is?” “Free potato”. Open door. Is secret police.
Blyat.
Some like potatoes
But it seems that I would not
No AI eats them
I achieve better results when I’m drunk-coding.
The Ballmer peak is real though.
I’ve written some code I’m quite proud of while drunk
Do you also need to be drunk to be proud of it?
That’s my secret cap.
During COVID, I was bullied by my bosses and severely depressed. I gave my 2 weeks notice and, as part of transferring the knowledge, I drank a few strong beers and made a Zoom presentation in front of 50 people about some obscure assembly language stuff that no one cared about because it was too weird yet essential for the company. After one hour of being perfect, I answered some questions and I went back to sleep.
I won’t do it again though because it’s bad for one’s health, but it was awesome.
Gotta hit that Ballmer peak
This guy XKCDs
H’wut?!
Now we’re gonna blame any shitty bug on vibe coding, even if it was just a crappy engineer
This is the way.