RE: 2-factor auth for all

["Benjamin Tomhave" <list-procurare () secureconsulting net>]

That's interesting news, but token-based 2-factor does not stop phishing.
It just means the phishing site needs to be a little smarter, and perhaps
have a little faster turn-around.  Unfortunately, I've seen successful
attacks like this for a couple years now.  While 2-factor authN will likely
decrease the effectiveness of phishing attacks in the short-term, we should
have no illusions that the problem is solved.

cheers,

-ben

---
Benjamin Tomhave, CISSP, IAM, IEM
falcon () secureconsulting net
http://falcon.secureconsulting.net/
http://www.linkedin.com/pub/0/622/964

"We must scrupulously guard the civil rights and civil liberties of all
citizens, whatever their background. We must remember that any oppression,
any injustice, any hatred is a wedge designed to attack our civilization."
-President Franklin Delano Roosevelt
 

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali
> Sent: Tuesday, October 24, 2006 12:15 AM
> To: Webappsec Mail List
> Subject: 2-factor auth for all
>
> seems like 2 factor auth (one time password) using token will 
> be soon available to the general consumer soon.
>
> SanDisk will be adding the functionality of 
> one-time-password, dubbed 'TrustedSignins', in their 
> TrustedFlash device.
>
> Verisign, and RSA are working with SanDisk to build this 
> platform, which might put an end to phishing
>
> See:
> http://www.sandisk.com/Corporate/PressRoom/PressReleases/Press
> Release.aspx?ID=3569
>
> --
> Saqib Ali, CISSP, ISSAP
> http://www.full-disk-encryption.net
>
> --------------------------------------------------------------
> -----------
> Sponsored by: Watchfire
>
> Hackers continue to add billions to the cost of doing 
> business online despite security executives' efforts to 
> prevent malicious attacks. This whitepaper identifies the 
> most common methods of attacks that we have seen, and 
> outlines a guideline for developing secure web applications. 
> Download our The Twelve Most Common Application-level Hack 
> Attacks whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70150
> 0000008YTi
> --------------------------------------------------------------
> ------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have 
seen, and outlines a guideline for developing secure web applications. 
Download our The Twelve Most Common Application-level Hack Attacks 
whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTi
--------------------------------------------------------------------------