SiteKey vulnerabilities article

SiteKey-20060718.pdf (application/pdf Object)

An article detailing some problems with the SiteKey implementation at BofA. I must say I'm not surprised by the one about real-time MITM bypassing the problem, but I'm a little surprised about one of the security processes for login being waived once the user clicks a button on a given PC, and more so that there's no easy way to remove the bypass from a given PC...

Secondary security questions (well, ones that aren't likely to be public knowledge anyway) are a decent add-on to an authentication procedure, but I wouldn't have thought that they were so onerous that you couldn't just ask them every time...

About this Entry

This page contains a single entry by Rory2 published on August 25, 2006 2:50 PM.
