Re: Phishers Defeat 2-Factor Auth

2006-07-12 Thread James A. Donald
Lance James wrote: The site asks for your user name and password, as well as the token-generated key. If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the

Re: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Anne Lynn Wheeler
Lance James wrote: Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens attacked by

RE: Phishers Defeat 2-Factor Auth

2006-07-11 Thread Lance James
Defeat 2-Factor Auth Lance James wrote: Full article at http: // blog.washingtonpost.com / securityfix / happen to mention more than a year ago ... that it would be subject to mitm-attacks ... recent comment on the subject http://www.garlic.com/~lynn/aadsm24.htm#33 Threatwatch - 2-factor tokens