Firewall Wizards mailing list archives
Re: Username password VS hardware token plus PIN
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 23 Feb 2005 08:27:03 -0600
On Wed, 2005-02-23 at 14:36 +0300, ArkanoiD wrote:
sound great, my old 9110 just crashed when nmap'ed ;-)
That's ok. So do certain mainframes. ;)
but - MMS and smart SMS are big risk, i am pretty sure there are some nasty buffer overruns ;-)
Yes, and as someone mentioned offline, you can do nasty things with SMS messages. It ranges from locking the SIM to enabling BlueTooth. But I guess all GSM phones are at risk there. I didn't mean to proclaim that the 9500 is the most secure phone. As we all know, the most secure phone is encased in concrete, welded shut in a steel case at the bottom of the ocean, right? Anyhow, I think we're drifting off topic. Though it raises the question how tamper proof and attack resilient those cheap PDA style tokens are that Marcus mentioned. Perhaps they are not as secure as a DigiPass, but how secure do they need to be? Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Username password VS hardware token plus PIN, (continued)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- Re: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- Re: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 23)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 23)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 23)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Adam Shostack (Feb 22)
- SSL cert expiration hermit921 (Feb 23)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 23)
- Re: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 23)
- Re: Username password VS hardware token plus PIN Dragos Ruiu (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN ArkanoiD (Feb 24)
- Re: Username password VS hardware token plus PIN John Hall (Feb 24)
- Re: Username password VS hardware token plus PIN David Lang (Feb 24)