|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: 2-factor auth for all
From: Benjamin Tomhave (list-procurare
secureconsulting.net)
Date: Tue Oct 24 2006 - 08:14:47 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That's interesting news, but token-based 2-factor does not stop phishing.
It just means the phishing site needs to be a little smarter, and perhaps
have a little faster turn-around. Unfortunately, I've seen successful
attacks like this for a couple years now. While 2-factor authN will likely
decrease the effectiveness of phishing attacks in the short-term, we should
have no illusions that the problem is solved.
cheers,
-ben
---
Benjamin Tomhave, CISSP, IAM, IEM
falconsecureconsulting.net
http://falcon.secureconsulting.net/
http://www.linkedin.com/pub/0/622/964
"We must scrupulously guard the civil rights and civil liberties of all
citizens, whatever their background. We must remember that any oppression,
any injustice, any hatred is a wedge designed to attack our civilization."
-President Franklin Delano Roosevelt
> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of Saqib Ali
> Sent: Tuesday, October 24, 2006 12:15 AM
> To: Webappsec Mail List
> Subject: 2-factor auth for all
>
> seems like 2 factor auth (one time password) using token will
> be soon available to the general consumer soon.
>
> SanDisk will be adding the functionality of
> one-time-password, dubbed 'TrustedSignins', in their
> TrustedFlash device.
>
> Verisign, and RSA are working with SanDisk to build this
> platform, which might put an end to phishing
>
> See:
> http://www.sandisk.com/Corporate/PressRoom/PressReleases/Press
> Release.aspx?ID=3569
>
> --
> Saqib Ali, CISSP, ISSAP
> http://www.full-disk-encryption.net
>
> --------------------------------------------------------------
> -----------
> Sponsored by: Watchfire
>
> Hackers continue to add billions to the cost of doing
> business online despite security executives' efforts to
> prevent malicious attacks. This whitepaper identifies the
> most common methods of attacks that we have seen, and
> outlines a guideline for developing secure web applications.
> Download our The Twelve Most Common Application-level Hack
> Attacks whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=70150
> 0000008YTi
> --------------------------------------------------------------
> ------------
>
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have
seen, and outlines a guideline for developing secure web applications.
Download our The Twelve Most Common Application-level Hack Attacks
whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTi
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]