QOTD - Litan on Defeating 2-Factor Auth

Criminals are successfully launching man-in-the-browser attacks that circumvent strong two-factor and other authentication that communicate through the user's browser. The fraudsters are also successfully having telecommunication carriers forward phone calls used to authenticate users and/or transactions to the fraudster's phone instead of the legitimate user's phone. These attacks were successfully and repeatedly executed against many banks and their customers across the globe in 2009. While bank accounts are the main immediate targets, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data within the next three years.
-- Avivah Litan, Vice President and Distinguished Analyst in Gartner Research
Src: Where Strong Authentication Fails and What You Can Do About It | Gartner

