Hello and welcome to the Monday, February 20th, 2020, 3 edition of the San San Antonio Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

This weekend, we had a couple of quick diaries, one by Guy about, well, fishing emails that we actually got in

our internet storm center inbox. Yes, we do get fishing emails too, thanks to all the

fishing actors, sending them to us to give us something to write about. Guy used it to actually,

well, look at some recent trends here in these phishing emails.

One thing he noticed is a lot of use of IPFS.io to host some of the malicious content. IPFSio is the

interplanetary file system. I think I mentioned a couple times before. It's sort of a distributed system

to host files, which of course makes it quite difficult to take anything down there, even though

they do have some takedown mechanism built into this side, if I remember correctly. Also,

one important note here, many of these emails, well, no longer any

typos. Sometimes actually, real emails have more typos than some of these phishing emails.

Fishing emails do know about spell checkers. So that makes them, of course, a little bit more

difficult to identify.

Looking for DNS requests for IPFS.io, certainly worthwhile, I think, but yes, there are some

legitimate uses here. So keep an eye on it, but I wouldn't outright block it at this point.

And Twitter late last weekend, this weekend, caused quite a stir by altering the way they're

using two-factor authentication.

And now you had always three different ways to do two-factor authentication with Twitter.

There was SMS, so text messages. There was the

one-time passport authentication app, also sometimes known as Google Authenticator, and then you could

also use security keys. The change now is that you are no longer able to use SMS. If you're

...