nanog mailing list archives

RE: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking


From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Tue, 26 Feb 2019 20:56:22 -0700


I did write my own TOTP client. However, why do you assume that I am talking about a TOTP client and not the referred webpage which requires the unfettered execution of third-party (likely malicious) JavaScript in order to view? Not to mention requiring the use of (also quite possibly malicious) downloaded fonts?

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.


-----Original Message-----
From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com () nanog org] On Behalf Of Seth Mattinen
Sent: Tuesday, 26 February, 2019 09:36
To: nanog () nanog org
Subject: Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

On 2/25/19 9:59 PM, Keith Medcalf wrote:
> Are you offering an indemnity in case that code is malicious?  What
> are the terms and the amount of the indemnity?


Anyone who is that paranoid should read the RFC and write their own TOTP client that lets them indemnify themselves from their own code.



