assurance - Re: [Assurance] can two-factor be hacked ?
Subject: Assurance
List archive
- From: David Langenberg <>
- To: "" <>
- Subject: Re: [Assurance] can two-factor be hacked ?
- Date: Fri, 7 Mar 2014 15:06:19 -0700
Even if you start chasing addresses & blacklisting proxies they'll just escalate to my favorite way of handling enterprise apps which have dumb UI issues & committees who refuse to implement common-sense suggestions: the browser extension.
Dave
On Fri, Mar 7, 2014 at 2:31 PM, Cantor, Scott <> wrote:
On 3/7/14, 4:27 PM, "Steven Carmody" <> wrote:Or old, as the case may be. Proxies are really only defeatable in the
>
>The _javascript_ runs completely within the server platform. That's
>something that's new....
usual ways. If they're screen scraping, then you can have an arms race
implementing anti-scraping tricks, but that goes away as soon as you
support something like, say, ECP or Moonshot, that's implementing a
non-browser UI for authentication.
So that leaves chasing addresses, and blacklisting proxies when you find
them.
Nothing I can imagine.
>As you say, *should*. However, if its identical to the application's
>login page, then the user would have to look at the url bar... does
>anyone know of anything that could be embedded in the real page, but not
>duplicated in the fake page ?
-- Scott
David Langenberg
Identity & Access Management
The University of Chicago
- Re: [Assurance] can two-factor be hacked ?, (continued)
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Etan Weintraub, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Dana Watanabe, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Joe St Sauver, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/07/2014
- RE: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- RE: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Walker, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, David Langenberg, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/07/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/07/2014
Archive powered by MHonArc 2.6.16.