[WEB SECURITY] SiteKey

White, Dain P dainw at wsu.edu
Thu Oct 26 17:29:26 EDT 2006


I have no opinion.. just thought I'd throw a link in:
 
http://www.bankofamerica.com/privacy/sitekey/
 
~Dain
Dain White, Web Coordinator
Office of Student Affairs <http://www.studentaffairs.wsu.edu/> 
Washington State University <http://www.wsu.edu/> 
dainw at wsu.edu * 1-509-335-6673

________________________________

From: Noon Tar [mailto:noontar at gmail.com] 
Sent: Thursday, October 26, 2006 11:06 AM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] SiteKey


You know what I mean. The thing Bank of America uses.

Is it any good? Is it actually "2-factor"?

I've heard people say that SiteKey is better than tokens because it is
newer technology and therefore doesn't have the problems they read about
on Bruce Schneier's blog. You know, the one where he wrote "it solves
the security problems we had 10 years ago, not the security problems we
have today". People who really don't know anything about security,
quoting Schneier to justify their opinions.

SiteKey can't possibly protect against MITM. Is it vulnerable to simpler
attacks than MITM?

