[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] has any ever tested a https portal?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] has any ever tested a https portal?
From: "Richard Braganza" <iwtb0202@xxxxxxxxxxxxxx>
Date: Fri, 8 Sep 2006 15:51:08 +0100

Hi mismail, list,
mismail wrote

the pin is one time unique! has anyone ever come across a setup like this?


Check out PINSafe by Swivel Secure (2 factor - unique PIN sent by email or
sms)
I found it during some app testing
It looked very good apart from the way it was implemented:Badly, it allowed
DoS any logged in user, by logging them off. The product was not to blame
IMHO - only how it was integrated to the web site
Best Regards
RARB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Active Directory accounts
Next by Date: [Full-disclosure] Re: Linux kernel source archive vulnerable
Previous by thread: [Full-disclosure] SECURITY.NNOV: Panda Platinum Internet Security
Next by thread: [Full-disclosure] HP execs phone hack - SSNs *still* not secure for authentication
Index(es):
- Date
- Thread