Why one-time passwords suck for MITM attacks

Slashdot

Why one-time passwords suck for MITM attacks-> 0

Submitted by

whitehartstag

on Monday August 18 2008, @01:22PM

whitehartstag writes "Black Hat 08 disclosed several SSL VPN and DNS vulnerabilities that caused several people to sit up and take notice. Some of these new exploits performed a brilliant Man-In-The-Middle attack on SSL VPN tunnels. This article walks you through how using certificates, instead of OTP tokens for second-factor authentication can increase the security of your SSL VPN against these new types of attacks."
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Why one-time passwords suck for MITM attacks

Load All Comments

Search 0 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro

Why one-time passwords suck for MITM attacks More Login

Why one-time passwords suck for MITM attacks