Re: Username password VS hardware token plus PIN

[Frank Knobbe <frank () knobbe us>]

On Wed, 2005-02-23 at 14:36 +0300, ArkanoiD wrote:
> sound great, my old 9110 just crashed when nmap'ed ;-)

That's ok. So do certain mainframes.  ;)

> but - MMS and smart SMS are big risk, i am pretty sure there are some nasty
> buffer overruns ;-)

Yes, and as someone mentioned offline, you can do nasty things with SMS
messages. It ranges from locking the SIM to enabling BlueTooth. But I
guess all GSM phones are at risk there.

I didn't mean to proclaim that the 9500 is the most secure phone. As we
all know, the most secure phone is encased in concrete, welded shut in a
steel case at the bottom of the ocean, right?

Anyhow, I think we're drifting off topic. Though it raises the question
how tamper proof and attack resilient those cheap PDA style tokens are
that Marcus mentioned. Perhaps they are not as secure as a DigiPass, but
how secure do they need to be?

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part