Slashdot Mirror


Why One-time Passwords Suck For MITM Attacks

whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using certificates, instead of OTP tokens, for second-factor authentication can increase the security of your SSL VPN against these new types of attacks."

13 of 138 comments

  1. The Love Triangle... by kcbanner · Score: 5, Funny

    Alice and Bob's relationship will be at stake when an unknown interloper...Larry...arrives on the scene. Is this love line segment about to become a love triangle? Will the self-signed certs be accepted?

    Coming to you this fall...Larry is...The Man in the Middle.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
    1. Re:The Love Triangle... by Anonymous Coward · Score: 1, Funny

      Coming to you this fall...Larry is...The Man in the Middle.

      Not sure Larry is the best name, how about Malcolm?

  2. xkcd comic by khasim · Score: 3, Funny
    1. Re:xkcd comic by eln · Score: 4, Funny
    2. Re:xkcd comic by Chyeld · Score: 5, Funny

      Is anyone else on the Internet SICK TO FUCKING DEATH of every story/article/anything having a XKCD comic posted as a link in it?

      No.

      Summer Glau

    3. Re:xkcd comic by Anonymous Coward · Score: 5, Funny

      Well just in case he doesn't know...

      Knowing is half the battle.

    4. Re:xkcd comic by Firehed · Score: 2, Funny

      Which, I take it, is why your post was not signed "Summer Glau".

      --
      How are sites slashdotted when nobody reads TFAs?
    5. Re:xkcd comic by smallfries · Score: 3, Funny

      Is anyone else on the Internet SICK TO FUCKING DEATH of every story/article/anything having a XKCD comic posted as a link in it?

      My hobby:

      I like to post an xkcd link into every story I come across...

      --
      Slashdot: where Don Knuth is an idiot because he can't grasp the awesome power of PHP
    6. Re:xkcd comic by Culture20 · Score: 3, Funny

      That is nowhere near an exhaustively researched word-by-word rebuttal.

      OK...

      Is

      Isn't

      anyone

      everyone

      else

      this

      on

      off

      the

      Um... you win.

  3. Re:frequency in the wild ? by Intron · Score: 2, Funny

    http://www.imdb.com/title/tt0212671/

    Yes. The above link was successful for 6 years.

    --
    Intron: the portion of DNA which expresses nothing useful.
  4. Re:This is NOT an attack on SSL VPN by Diss+Champ · Score: 5, Funny

    Cert authorities are notorious for poor checking. The main thing they check is that they are getting paid. There are things certificates are good for: knowing for sure, the first time you see one for a site, that they are who they claim they are without further checking is not one of them.

  5. Re:Why go halfway? by kcbanner · Score: 2, Funny

    ...they were then fired for their incompetence.
    ...then they were taken out and beaten to a pulp.
    ...then they were ground up into this powder!

    --
    Obligatory blog plug: http://www.caseybanner.ca/
  6. Re:Trout-based VPN has none of these problems by Architect_sasyr · Score: 2, Funny

    We need more Red Dwarf references...

    A superlative suggestion, sir, with only two minor drawbacks: one, we don't have enough boys from the Dwarf, and two, we don't have enough boys from the Dwarf. I know that technically that's only one drawback, but I thought it was such a big one it was worth mentioning twice.

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...