Security Basics mailing list archives
Re: Device Authentication - The answer to attacks lauched using stolen passwords?
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 7 Sep 2006 13:23:45 -0700
mention) than a trusted platform. It might actually be better to use passwords for the session authentication and an OTP for the transaction.
but weren't there attacks on OTP recently: http://www.channelregister.co.uk/2006/07/13/2-factor_phishing_attack/ http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html I think client device authentication would have prevented these attacks. -- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 ----------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Device Authentication - The answer to attacks lauched using stolen passwords? Saqib Ali (Sep 05)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Nick Owen (Sep 06)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Saqib Ali (Sep 06)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Nick Owen (Sep 06)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Saqib Ali (Sep 07)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Nick Owen (Sep 07)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Saqib Ali (Sep 08)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Nick Owen (Sep 08)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Saqib Ali (Sep 06)
- Re: Device Authentication - The answer to attacks lauched using stolen passwords? Nick Owen (Sep 06)