Meta's security team seemingly does not care. My mom had her long-time Facebook account taken over during the summer. It was a credentials stuffing attack (she's now using a password manager with random passwords), and the bad actor immediately put on 2fa TOTP and signed up for some advanced security so the account couldn't be recovered without the 2fa.
We spent weeks trying to recover the account, but recovery codes weren't being sent through to her email or phone, the email and phone that have been on the account for 10+ years. The bad actor started making posts that she had cars to sell and to message her if they wanted to buy (also claiming that her sister was sick and she needed the money which is why she was selling the cars, completely untrue). Tens of her friends including her son reported the account as taken over and the posts as fraudulent. All responses from Facebook said there was no indication of anything violating the guidelines, which is insane because all this behavior taken together screams account takeover.
Eventually, I reached out to a friend who worked at Meta who filed an internal report and we were hopeful that might actually fix it, but nothing ever came of it and when I reached out to the friend a month later he said the report was closed and he couldn't see any more details (for security reasons). If my mom meeting me in person, and me reaching out to my former teammate on a live phone call and proving my identity, and that teammate filing a report with the security team can't get it fixed, what can?
At this point, we think the original account is still up (we can't see, since the bad actor has blocked the entire family) and every new account she makes gets deleted for being a sockpuppet / ban evader.
She's devastated that someone ruined her online life like this, and that she was in Facebook groups for her career that she no longer has access to, she can no longer keep up with her friends and family. So many local businesses post their events and updates on Facebook and she has no ability to see these anymore.
We don't know what to do next. I'm so thoroughly disappointed with how Meta handled the situation. It's clearly an account takeover if someone looked at the account and the indicators. I think our next step is to write a letter to Meta legal alleging gross neglect after being presented with evidence of identity theft. Maybe that finally would get someone's attention. I'm nearly to the point where I would potentially spend thousands of dollars of my own money for a lawyer just to prove a point.
There's a difference between the food that's been eaten over the past thousands of years and the food that we all eat today. I suppose if you look at this the right way, it's another argument in favor of evolution. Teeth are optimized for hunter/gatherer diet and lifespans. Doesn't matter if your teeth rot out by 50 if you die in your 30-40s.
> current_timestamp will not work properly when wanting to set the default date to the current time. This is because current_timestamp does not include timezone information and therefore when parsing the date string from the database, JavaScript will assume it is in local time when it is in fact in UTC time.
This might be the answer to an unusual date bug I noticed years ago but haven't prioritized fixing in a personal project. TIL!
When my company did layoffs last year, neither my manager, nor my manager's manager, nor my manager's manager's manager knew before the moment we all knew if we were staying or not. You had to go up to the VP level to find anyone who was involved in planning the layoffs.
When the VP has about a thousand engineers recursively reporting up to them, how are they supposed to be able to decide who stays and who goes? We were told that the layoffs weren't performance related, but at that level of distance what useful signals are there outside of the performance rating?
I genuinely take the baroque comment as a compliment. There are many paths to a solution and this was a fun one that ended up working for me.
Thanks for the pointers for those programs. Someone else pointed out Kaitai Struct could help me do the hex editing which I'm planning on taking a look at later.
Now that you've mentioned that, that section is a lot more readable to me. Cheers! My C skills are inversely correlated to my body's uptime and it was probably around 1:30AM when I reached that part of the story.
Haha, I'm happy to agree to disagree here. In my book doing hex editing on a binary file and overriding what my system thinks the monitor is reporting to ultimately solve the problem feels enough like a hack (http://catb.org/jargon/html/meaning-of-hack.html).
As someone else noted, I'm considering overwriting the EEPROM in the monitor but I'd like to be 100% certain that's correct before I try it (one of the reasons I posted to HN was to see if folks thought I was going down the wrong path). I'm actually going to try a completely new cable first in case it's a bandwidth issue.
I saw this was noted online as a potential issue so I did try two different cables first and neither of them worked. It's completely possible that neither of those cables were up to spec either, so I've ordered one that is VESA Certified to support DisplayPort 1.4 and I'll have to check and see if they work without the hack when they come in. I'm on my Mac now and it just lists 85 and 50 Hz in the display settings which seems odd.
FWIW, ChatGPT asks for your number just as an "are you a human" method. It never uses it for 2FA (at least never for me), so as long as you have service the one time you're signing up, you'll never get another OTP challenge.