Penetration Testing mailing list archives

Re: pen testing https portal?


From: "Richard Braganza" <iwtb0202 () googlemail com>
Date: Mon, 11 Sep 2006 19:34:59 +0100

Check out PINSafe by Swivel Secure (2-factor: unique PIN sent by email or SMS).
I found it during some app testing.
It looked very good apart from the way it was implemented: badly. It
allowed a DoS of any logged-in user, by logging them off if incorrect
numbers were entered. The product was not to blame IMHO, only how it was
integrated into the web site.
Best Regards
RARB

On 9 Sep 2006 19:35:47 -0000, mismail () postmaster co uk
<mismail () postmaster co uk> wrote:
No, basically 1234 is the PIN they refer to, so when they click on the generate
PIN button they find the number under 1234 and enter that as their PIN. The
number they enter will always change, so if someone walking past sees
your logon details, they can't log on, because it's a new number you'd have to type in
again!

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
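The mechanism described in the thread (a secret PIN naming positions in a fresh random "security string", the user typing back the digits at those positions) and the integration caveat from the reply (a wrong guess must not log off an existing session) can be seen together in a small worked example. This is an added illustration, not PINsafe's own algorithm or any code from the thread: the string length of 10, the rule that PIN digit 0 reads the tenth position, the lockout threshold, and the class and function names are all assumptions made here.

```python
import hmac
import secrets

# Assumed parameters for this illustration (not PINsafe's).
STRING_LENGTH = 10   # digits in each issued security string
MAX_FAILURES = 5     # consecutive bad codes before the account is locked


def generate_security_string() -> str:
    """Issue a fresh random digit string; one per login attempt."""
    return "".join(str(secrets.randbelow(10)) for _ in range(STRING_LENGTH))


def expected_code(pin: str, security_string: str) -> str:
    """Derive the one-time code the user should type from PIN + string.

    For each PIN digit d, take the security-string digit at 1-based
    position d; by assumption here, a PIN digit of 0 reads position 10.
    The PIN itself never crosses the wire, only the derived digits.
    """
    if len(security_string) != STRING_LENGTH:
        raise ValueError("security string has the wrong length")
    out = []
    for ch in pin:
        idx = (int(ch) - 1) % STRING_LENGTH   # '1' -> 0, ..., '0' -> 9
        out.append(security_string[idx])
    return "".join(out)


class PinChallengeAuthenticator:
    """Hypothetical server side of the challenge/response described above."""

    def __init__(self, pins: dict):
        self._pins = dict(pins)       # username -> secret PIN (constructed data)
        self._pending = {}            # username -> currently issued string
        self._failures = {}           # username -> consecutive failures
        self.sessions = set()         # usernames with a live session

    def challenge(self, username: str) -> str:
        """Issue a new security string, invalidating any earlier one."""
        s = generate_security_string()
        self._pending[username] = s
        return s

    def verify(self, username: str, code: str) -> bool:
        """Check a submitted one-time code against the pending challenge."""
        issued = self._pending.pop(username, None)   # single use: pop, never reuse
        pin = self._pins.get(username)
        if issued is None or pin is None:
            return False
        if self._failures.get(username, 0) >= MAX_FAILURES:
            return False                              # locked: throttle, don't eject
        ok = hmac.compare_digest(expected_code(pin, issued), code)
        if ok:
            self._failures[username] = 0
            self.sessions.add(username)
        else:
            self._failures[username] = self._failures.get(username, 0) + 1
            # Caveat from the thread: a wrong guess must NOT terminate an
            # existing session for this user. Logging them off here would
            # let any bystander who knows the username log the user off at
            # will. Count the failure and lock the *login* instead.
        return ok


if __name__ == "__main__":
    auth = PinChallengeAuthenticator({"alice": "1234"})    # constructed user
    s = auth.challenge("alice")
    print("security string:", s, "-> alice types", expected_code("1234", s))
```

A deployment would additionally expire unused security strings after a short window and bind each one to the session that requested it; both are left out here to keep the mechanism itself visible.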