Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad

Ars Technica: Password breach teaches Reddit that, yes, phone-based 2FA is that bad. “In a post published Wednesday, Reddit said an attacker breached several employee accounts in mid-June. The attacker then accessed a complete copy of backup data spanning from the site’s launch in 2005 to May 2007. The data included cryptographically salted and hashed password data from that period, along with corresponding user names, email addresses, and all user content, including private messages. The attacker also obtained email digests that were sent between June 3 and June 17 of this year. Those digests included usernames and their associated email address, along with Reddit-suggested posts from safe-for-work subreddits users were subscribed to.”

The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug

The Verge: Facebook admits SMS notifications sent using two-factor number was caused by bug. “Facebook this evening clarified the situation around SMS notifications sent using the company’s two-factor authentication (2FA) system, admitting that the messages were indeed caused by a bug. In a blog post penned by Facebook Chief Security Officer Alex Stamos, the company says the error led it to ‘send non-security-related SMS notifications to these phone numbers.'”

Warning: A simple text message can crash iOS and macOS (BetaNews)

BetaNews: Warning: A simple text message can crash iOS and macOS. “The chaiOS bug, as it’s been dubbed, links to a page of code on GitHub. When the recipient clicks on the link, Apple’s Messages app freaks out, and ultimately crashes. Bugs like this are a nuisance rather than a genuine worry, and Apple does tend to roll out updates for such issues pretty quickly, so there’s a good chance it will be fixed in the near future.” I don’t think this has been weaponized, so it’s more of an “Oh boy this is annoying” issue than a security issue.

Digital Trends: Here’s how to send a text from your email account

Digital Trends: Here’s how to send a text from your email account. “Despite the fact that just about everyone can read their email on their smartphone, there will always be times and situations in which it is more advantageous to send a short email as a text. This is particularly useful if you’re emailing a non-smartphone user, need to send a text when you’re away from your phone, or want to use a text for branding purpose.”