| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8nOoXXZWAdfqCz+T7WpJZ9t1J_yGtY23KBZZWyYWE+-1Q@mail.gmail.com> Date: Fri, 18 May 2012 19:58:55 -0400 From: Jeffrey Walton <noloader@...il.com> To: coderman <coderman@...il.com> Cc: full-disclosure@...ts.grok.org.uk, "Michael J. Gray" <mgray@...tcode.com> Subject: Re: Google Accounts Security Vulnerability On Fri, May 18, 2012 at 4:00 PM, coderman <coderman@...il.com> wrote: > On Thu, May 17, 2012 at 5:51 AM, Mike Hearn <hearn@...gle.com> wrote: >> I understand your concerns, however they are not valid. > > best thread on list all month. :) > > now if only Google's two factor auth could use tamper resistant tokens. > i trust my phone even less than my browser... :( "Two-channel breached: a milestone in threat evaluation, and a floor on monetary value," http://financialcryptography.com/mt/archives/001349.html. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists