Hello, welcome to the Thursday, October 24, 2019 edition of the Sancton Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Santa Monica, California.

Phone calls and SMS messages remain an important second factor to authenticate users, even though organizations like,

for example, NIST have advised against doing so for a few years now.

As a result, we had a number of high-profile attacks over the last year or so, where sim swapping was used in order to impersonate

users. Sim-swapping typically refers to an attacker registering a new or a second phone

with a particular target's account, so they're able to receive phone calls or SMS messages

in addition or instead of the victim. In response to these attacks, the Federal Trade

Commission now came up with a brief guidance for consumers on how to protect themselves from these type of attacks.

First of all, they recommend not necessarily to reply to calls and emails with personal information,

also to limit the personal information that's shared online, particular phone numbers, of course,

and probably most

importantly to set up a pin or a password for a cellular account.

They also recommend just not to use a phone as a second factor, but of course you don't always

have the option to do so.

It's a fairly nice brief and to the point blog post,

so something good to share with relatives and others

that may not quite be as aware of this particular tactic.

A lot of modern applications take advantage of the electron framework. Electron applications are

written essentially using web technologies like HTML, style sheets and JavaScript, and then

execute it on a system just like any other native application.

A couple notable examples of, for example, Skype and Slack, but also Discord.

...