Full Disclosure mailing list archives
Re: Most common keystroke loggers?
From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Fri, 2 Dec 2005 16:03:53 -0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, Dec 02, 2005 at 11:35:16AM -0600, Frank Knobbe wrote:
At the end of the day, one-time-passwords for login *and* transactions are probably the only real solution to prevent replay and mitm attacks (the latter using OTP hashed transactions).
Actually, there is always the possibility of out-of-band authentication. Here is a scenary I've encountered before: 1) You get to the login screen 2) The login screen will give you a code 3) You get the phone, dial a number, and enter the code provided, along with some other information 4) The system authenticates you out of band 5) You simply click "continue" on the login screen There are other possible scenaries, of course, but this is just one I've seen once. []s - -- Rodrigo Barbosa <rodrigob () suespammers org> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDkIyJpdyWzQ5b5ckRAh9lAJsF6pCRCYI1E0U5cxF/BHeV+Kou4ACgt6jd JfyyCsb8IkYYOrFMX2PVw/o= =RgHh -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Re: Most common keystroke loggers?, (continued)
- RE: Re: Most common keystroke loggers? Todd Towles (Dec 01)
- Re: Re: Most common keystroke loggers? Michael Holstein (Dec 01)
- re: Most common keystroke loggers? mz4ph0d (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- RE: Most common keystroke loggers? Jeroen van Meeuwen (Dec 02)
- re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- Re: Most common keystroke loggers? Michael Holstein (Dec 02)
- Re: Most common keystroke loggers? ascii (Dec 02)
- Re: Most common keystroke loggers? Rodrigo Barbosa (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 02)
- Re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 02)
- Re: Most common keystroke loggers? Frank Knobbe (Dec 02)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- RE: Re: Most common keystroke loggers? Todd Towles (Dec 01)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 02)