[WEB SECURITY] New two-stage login procedure

Esteban Ribičić kisero at gmail.com
Wed Dec 13 15:30:21 EST 2006


Well, it's not easy spoofing anymore... besides, it's phone + key
(normally a four-digit one)

On 12/13/06, Brian Eaton <eaton.lists at gmail.com> wrote:
> On 12/13/06, Esteban Ribičić <kisero at gmail.com> wrote:
> > a smarter would be:
> >
> > 1) user calls from a defined number (mobile) to a pbx
> > 2) pbx checks any and asks for a code
> > 3) pbx replies with a token
> >
> > user logs with his normal credentials (bank account and password) + token +
> > "common pool of questions".
> >
> > it's not expensive...asterisk can do it.
>
> Caller ID spoofing seems like a problem with this system:
>
> http://www.securityfocus.com/news/9822
>
> Regards,
> Brian
>
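
Added example, not part of the original thread: a minimal Python model of the phone-token flow discussed above, treating the caller number as a spoofable hint so that the PIN lockout and the short-lived, single-use token carry the security. The class name, constants and sample numbers are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL = 120        # seconds a token stays valid (assumed value)
MAX_PIN_FAILURES = 3   # lockout threshold (assumed value)

class PhoneTokenIssuer:
    """Hypothetical PBX-side logic; not taken from Asterisk or any product."""

    def __init__(self, enrolled, clock=time.time):
        self.enrolled = enrolled   # caller number -> (account, PIN)
        self.failures = {}         # account -> consecutive bad PINs
        self.tokens = {}           # account -> (token, expiry time)
        self.clock = clock

    def handle_call(self, caller_id, pin):
        """Steps 1-3: return a one-time token, or None if the call is rejected."""
        entry = self.enrolled.get(caller_id)
        if entry is None:
            return None            # number not enrolled
        account, real_pin = entry
        # Caller ID can be spoofed, so the PIN is the real gate. A four-digit
        # PIN has only 10,000 values, hence the hard lockout.
        if self.failures.get(account, 0) >= MAX_PIN_FAILURES:
            return None
        if not hmac.compare_digest(pin, real_pin):
            self.failures[account] = self.failures.get(account, 0) + 1
            return None
        self.failures[account] = 0
        token = f"{secrets.randbelow(10**6):06d}"
        self.tokens[account] = (token, self.clock() + TOKEN_TTL)
        return token

    def verify_login(self, account, password_ok, token):
        """Web login: result of the password check plus the phone-issued token."""
        issued = self.tokens.pop(account, None)   # single use, even on failure
        if issued is None or not password_ok:
            return False
        value, expiry = issued
        return self.clock() <= expiry and hmac.compare_digest(token, value)

if __name__ == "__main__":
    # Constructed sample data: one enrolled mobile number and its PIN.
    pbx = PhoneTokenIssuer({"+15550100": ("acct-1", "4821")})
    t = pbx.handle_call("+15550100", "4821")
    print("token issued:", t is not None)
    print("login accepted:", pbx.verify_login("acct-1", True, t))
    print("replay accepted:", pbx.verify_login("acct-1", True, t))
```
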