WebApp Sec mailing list archives
Re: ual Factor/Adaptive Authentication
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 4 May 2006 07:56:36 -0700
On 5/3/06, Casey DeBerry <cdeberry () cobizinc com> wrote:
> If you are in any way governed by FFIEC, this is your MO for 2006. I had an introduction to RSA's offering today which included recently purchased Passmark, and Cyota's converged solution. Initially, I was
BofA uses Passmark (see http://www.bankofamerica.com/privacy/passmark/ ). The security concerns of Passmark were discussed on Full Disclosure; see: http://seclists.org/lists/fulldisclosure/2005/May/0629.html

Passmark technology tries to solve the machine authentication problem using encrypted cookies. The idea looks good, but I don't know how safe it is. I would personally wait till Passmark and similar technologies utilize TPM (Trusted Platform Module) to perform a mutual authentication before I can consider replacing physical hardware tokens with Passmark.

But then again a TPM does NOT replace a USB cryptographic key device / token. They complement each other. A USB token/smart card authenticates the user whereas a TPM authenticates a machine.

I guess use of Passmark instead of physical tokens will depend on the security needs of the system.....

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15
-----------