Re: Phishers Defeat 2-Factor Auth

2006-07-12 Thread James A. Donald
Lance James wrote: The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Full article at http: // blog.washingtonpost.com / securityfix / Citibank Phish Spoofs 2-Factor Authentication Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so-called two-factor authentication -- the second factor being something

Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2fa ctor_1.html Thought this might interest some. -Lance James - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL

Re: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Anne Lynn Wheeler
Lance James wrote: Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens attacked by

RE: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Defeat 2-Factor Auth Lance James wrote: Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens