Security Basics mailing list archives

Re: Device Authentication - The answer to attacks launched using stolen passwords?


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 7 Sep 2006 13:23:45 -0700

> mention) than a trusted platform. It might actually be better to use
> passwords for the session authentication and an OTP for the transaction.

But weren't there attacks on OTP recently:

http://www.channelregister.co.uk/2006/07/13/2-factor_phishing_attack/
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html

I think client device authentication would have prevented these attacks.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
