jm + fastmail   3

When two-factor authentication is not enough
Fastmail.FM nearly had their domain stolen through an attack exploiting missing 2FA authentication in Gandi.
An important lesson learned is that just because a provider has a checkbox labelled “2 factor authentication” in their feature list, the two factors may not be protecting everything – and they may not even realise that fact themselves. Security risks always come on the unexpected paths – the “off label” uses that you didn’t think about, and the subtle interaction of multiple features which are useful and correct in isolation.
gandi  2fa  fastmail  authentication  security  mfa  two-factor-authentication  mail 
april 2014 by jm
Mac OS 10.9 – Infinity times your spam
a pretty stupid Mail.app IMAP bug hoses Fastmail:
Yes you read that right. It’s copying all the email from the Junk Folder back into the Junk Folder again!. This is legal IMAP, so our server proceeds to create a new copy of each message in the folder. It then expunges the old copies of the messages, but it’s happening so often that the current UID on that folder is up to over 3 million. It was just over 2 million a few days ago when I first emailed the user to alert them to the situation, so it’s grown by another million since. The only way I can think this escaped QA was that they used a server which (like gmail) automatically suppresses duplicates for all their testing, because this is a massively bad problem.
osx  bugs  mail.app  mail  imap  fastmail  fail 
october 2013 by jm
FastMail and sessions
a clever HTTP session-management trick (via Tony Finch)
via:fanf  web  http  sessions  cookies  fastmail  from delicious
march 2010 by jm

Copy this bookmark:



description:


tags: