Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why One-time Passwords Suck For MITM Attacks

Posted by CmdrTaco on from the my-password-is-pass1234 dept.

whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using certificates, instead of OTP tokens, for second-factor authentication can increase the security of your SSL VPN against these new types of attacks."

5 of 138 comments (clear)

  1. The Love Triangle... by kcbanner · · Score: 5, Funny

    Alice and Bob's relationship will be at stake when an unknown interloper...Larry...arrives on the scene. Is this love line segment about to become a love triangle? Will the self-signed certs be accepted?

    Coming to you this fall...Larry is...The Man in the Middle.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
  2. Re:This is NOT an attack on SSL VPN by Diss+Champ · · Score: 5, Funny

    Cert authorities are notorious for poor checking. The main thing they check is that they are getting paid. There are things certificates are good for- knowing for sure the first time you see one for a site that they are who they claim they are without further checking is not one of them.

  3. Re:xkcd comic by eln · · Score: 4, Funny

    http://xkcd.com/406/

  4. Re:xkcd comic by Chyeld · · Score: 5, Funny

    Is anyone else on the Internet SICK TO FUCKING DEATH of every story/article/anything having a XKCD comic posted as a link in it?

    No.
     
    Summer Glau

  5. Re:xkcd comic by Anonymous Coward · · Score: 5, Funny

    Well just in case he doesn't know...

    Knowing is half the battle.