Here's a great example of an attack focused on Citibank a few months ago, where a Man in the Middle exploit was used to defeat a One Time Password implementation of 2-factor authentication.
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
If it's just data that you type in, it can be stolen, spoofed, or passed through, leaving you no better off than before.
Subscribe to:
Post Comments (Atom)
1 comment:
Good discussion of this exploit here on another blog:
http://www.schneier.com/blog/archives/2006/07/failure_of_twof.html
Post a Comment