Skip to main content

The WiKID Blog

Viewing posts from June, 2012

Thoughts on the RSA SecurID 800 paper

The original paper on the attack is Efficient Padding Oracle Attacks on Cryptographic Hardware' by Bardou, Focardi, Kawamoto, Simionato, Steel and Tsay> here (pdf). They have combined and optimized a handful of attacks against the PKCS#11 encryption that they claim make it possible to extract the private keys. There is a great summary by Matthew Green from John Hopkins.

I know something that isn't two-factor authentication

William Edwards wrote a post entitled "I know someone whose 2-factor phone authentication was hacked…" about a friend whose bank account was drained by fraudsters. His bank relied on a dial-back system. The attackers social-engineered BT to re-route the phone calls. This attack is eerily similar to the recent attack on Cloudflare, which started with an attack on an AT&T account.

Recent Posts

Archive

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom