FBI Warns About Attacks That Bypass Multi-Factor Authentication (zdnet.com)
Why is the FBI just now issuing this alert? Even they acknowledge that this isn’t new.
*checks date on FBI alert – September 17th*
Why is ZDNet just now getting around to mentioning this?
*checks date on FBI post again*
Why is Slashdot just now mentioning
Might as well let the good side see it too. Similar reasoning to going public with exploits… and eventually letting out more details (or threatening to) so that they are actually noticed and patched.
Just because you don’t see it doesn’t mean it hasn’t existed for a long time.
I’ve wondered for some time about Proxies, transparent and visible.
Are they a fully privileged Man in the Middle? Do they get to decrypt https? Do VPNs help? Is there a way a server can detect a proxy is in front of the client and warn the client (e.g. a banking app?)
Unless I misread something, it looks like this attack vector is due to two factor authentication methods which use SMS for the second part. Banks and other institutions which use their own app, or bog-standard TOTP are completely unaffected by this attack.
Of course, there are other attacks which can attack 2FA, mainly at the browser session level, but if one is using an authenticator, they should be OK, with the exception of places that offer recovery methods via SMS.
In any case, 2FA definitely raises the
If your second factor is a telephone, you don’t actually have 2FA. After all, the second factor cannot be the same device that you’re using to sign in, because that’s the same physical device as the one with access to the first factor (the password).