[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7cac0a30609080751v17193c5bm3eca5e304d7a38de@mail.gmail.com>
Date: Fri, 8 Sep 2006 15:51:08 +0100
From: "Richard Braganza" <iwtb0202@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: has any ever tested a https portal?
Hi mismail, list,
mismail wrote
>the pin is one time unique! has anyone ever come across a setup like this?
Check out PINSafe by Swivel Secure (2 factor - unique PIN sent by email or
sms)
I found it during some app testing
It looked very good apart from the way it was implemented:Badly, it allowed
DoS any logged in user, by logging them off. The product was not to blame
IMHO - only how it was integrated to the web site
Best Regards
RARB
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists