On Tue, Apr 13, 2010 at 7:58 PM, Sebastian Lauwers <[email protected]> wrote:
> obviously I would love it if Nokia or
> Intel would buy a bunch of hardware tokens that contributors could
> acquire for a diminished price (Vasco would be the cheapest provider,
> with batches going for around $12-$16 per unit, second would be [my
> previous company], third would be RSA), as having OTPs would have
> rendered the Apache attack useless, but I doubt we are anywhere near
> such measures.
>

Even hardware OTP generators might not have stopped the Apache attack... Blizzard has been selling World of Warcraft OTP 'Authenticators' for a while now, and recently[1] someone came up with a man-in-the-middle attack that allowed them to access someone's account while they were logged in.

True - it would have made it useless to steal the password list, but there is still quite a bit of damage they could have done if they were stealthy and smart...

Warren

1: http://www.crunchgear.com/2010/02/28/world-of-warcraft-hackers-embrace-man-in-the-middle-attacks/

--
Warren Baird - Photographer and Digital Artist
http://www.synergisticimages.ca
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
