The attack vector is as follows:
- Evil.com phishes a user and asks for username and password for Good.com
- Evil.com immediately relays those credentials to Good.com
- Good.com asks Evil.com for TOTP
- Evil.com asks victim for TOTP
- Evil.com relays TOTP to Good.com and does a complete account takeover
The various physical dongles prevent this by using the asking domain as part of the hash. If you activated the dongle on Evil.com, it’ll do nothing on Good.com (except hopefully alerting the SOC at Good.com about a compromised username and password pair).
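A toy model of the origin binding described above, added here as an example and not part of the comment: HMAC stands in for the dongle's public-key signature, the device secret and the good.com/evil.com origins are constructed values, and the browser-reported origin plays the role WebAuthn gives it.

```python
import hashlib
import hmac
import json
import secrets

DEVICE_SECRET = b"constructed-device-master-secret"  # constructed; never leaves the dongle
GOOD, EVIL = "https://good.com", "https://evil.com"

def register(origin: str) -> bytes:
    """Enrollment: the dongle derives a credential scoped to the relying-party
    origin; the RP stores it (stand-in for the public key it would really keep)."""
    return hmac.new(DEVICE_SECRET, origin.encode(), hashlib.sha256).digest()

def authenticator_sign(challenge: bytes, browser_origin: str) -> dict:
    """Assertion: the browser, not the page, reports which origin the user is on.
    That origin selects the scoped key and is embedded in the signed client data."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": browser_origin},
        sort_keys=True,
    ).encode()
    key = register(browser_origin)  # same derivation the dongle used at enrollment
    sig = hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"client_data": client_data, "signature": sig}

def verify(assertion: dict, issued: bytes, rp_origin: str, stored_key: bytes) -> bool:
    """Good.com's checks: origin is ours, challenge is the one we issued, and the
    signature verifies under the credential enrolled for our origin."""
    data = json.loads(assertion["client_data"])
    if data.get("origin") != rp_origin or data.get("challenge") != issued.hex():
        return False  # a SOC alert belongs here: valid password, wrong-origin assertion
    expected = hmac.new(stored_key, hashlib.sha256(assertion["client_data"]).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

GOOD_STORED_KEY = register(GOOD)  # credential enrolled directly on good.com

def legitimate_login() -> bool:
    challenge = secrets.token_bytes(32)
    return verify(authenticator_sign(challenge, GOOD), challenge, GOOD, GOOD_STORED_KEY)

def relayed_phish(edit_origin: bool = False) -> bool:
    """Steps 4-6 above with a dongle: Good.com's challenge reaches the victim on
    evil.com and the assertion is relayed back, optionally with its origin field
    rewritten. Both fail: the field is signed, and the key was scoped to evil.com."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(challenge, EVIL)
    if edit_origin:
        data = json.loads(assertion["client_data"])
        data["origin"] = GOOD
        assertion["client_data"] = json.dumps(data, sort_keys=True).encode()
    return verify(assertion, challenge, GOOD, GOOD_STORED_KEY)
```

The same verify() also rejects an otherwise valid assertion whose challenge is not the one the relying party issued, which is what stops a captured assertion from being replayed later.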
I respectfully disagree with one major caveat. I’ll get that out of the way first; I think there should be a name for these foods that recognize the creators (e.g. Italian American food is American food that comes from Italian immigrants). We’ve traditionally been bad at giving credit or, worse, using names to mark a cuisine as “other” and weird.
The thing is that there really isn’t a food of a place. People use ingredients that are available and use techniques from the people around them. When cultures interact, they create remixes of cuisine that take unfamiliar ingredients and techniques and create something new.
Let me use the food of my own home, New Mexico, as an example. The food of the region is a mixture of Spanish colonizers, later Mexican immigrants, and Native American foods using a crazy combination of techniques and ingredients from all three. It isn’t Spanish food. It isn’t Mexican food. It isn’t Native American food. It is New Mexican food, a thing that arose from a place and its history. Now, with Asian immigrants moving in, the food has started to incorporate stuff from those cultures too.