Lance James wrote:
The site asks for your user name and password, as well as the
token-generated key. If you visit the site and enter bogus information to
test whether the site is legit -- a tactic used by some security-savvy
people -- you might be fooled. That's because this site acts as the "ma
hers Defeat 2-Factor Auth
Lance James wrote:
> Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor
Lance James wrote:
Full article at http: // blog.washingtonpost.com / securityfix /
happen to mention more than a year ago ... that it would be subject to
mitm-attacks ... recent comment on the subject
http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens
attacked by phishe
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa
ctor_1.html
Thought this might interest some.
-Lance James
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAI
Full article at http: // blog.washingtonpost.com / securityfix /
Citibank Phish Spoofs 2-Factor Authentication
Security experts have long touted the need for financial Web sites to move
beyond mere passwords and implement so-called "two-factor authentication" --
the second factor being something