WebApp Sec mailing list archives
RE: 2-factor auth for all
From: "Benjamin Tomhave" <list-procurare () secureconsulting net>
Date: Tue, 24 Oct 2006 09:14:47 -0400
That's interesting news, but token-based 2-factor does not stop phishing. It just means the phishing site needs to be a little smarter, and perhaps have a little faster turn-around. Unfortunately, I've seen successful attacks like this for a couple years now. While 2-factor authN will likely decrease the effectiveness of phishing attacks in the short-term, we should have no illusions that the problem is solved. cheers, -ben --- Benjamin Tomhave, CISSP, IAM, IEM falcon () secureconsulting net http://falcon.secureconsulting.net/ http://www.linkedin.com/pub/0/622/964 "We must scrupulously guard the civil rights and civil liberties of all citizens, whatever their background. We must remember that any oppression, any injustice, any hatred is a wedge designed to attack our civilization." -President Franklin Delano Roosevelt
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Saqib Ali Sent: Tuesday, October 24, 2006 12:15 AM To: Webappsec Mail List Subject: 2-factor auth for all seems like 2 factor auth (one time password) using token will be soon available to the general consumer soon. SanDisk will be adding the functionality of one-time-password, dubbed 'TrustedSignins', in their TrustedFlash device. Verisign, and RSA are working with SanDisk to build this platform, which might put an end to phishing See: http://www.sandisk.com/Corporate/PressRoom/PressReleases/Press Release.aspx?ID=3569 -- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net -------------------------------------------------------------- ----------- Sponsored by: Watchfire Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download our The Twelve Most Common Application-level Hack Attacks whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70150 0000008YTi -------------------------------------------------------------- ------------
------------------------------------------------------------------------- Sponsored by: Watchfire Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download our The Twelve Most Common Application-level Hack Attacks whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTi --------------------------------------------------------------------------
Current thread:
- 2-factor auth for all Saqib Ali (Oct 23)
- RE: 2-factor auth for all Benjamin Tomhave (Oct 27)
- Re: 2-factor auth for all David Kierznowski (Oct 27)
- Re: 2-factor auth for all Saqib Ali (Oct 27)
- RE: 2-factor auth for all Nick Owen (Oct 27)
- Re: 2-factor auth for all Saqib Ali (Oct 27)
- Re: 2-factor auth for all Nick Owen (Oct 27)
- Re: 2-factor auth for all Saqib Ali (Oct 27)