Assault on Authentication
While doing some research as we head towards the end of ‘CyberSecurity Month’ I came across two very interesting developments. The rather melodramatic – Assault on Authentication - is one of the 8 top threats of 2010 as cited by the Information Security Media Group, Corp. (ISMG) in a recently published report called 10 Faces of Fraud ( Old and New Schemes Target Banking Institutions and Their Customers ) In addition in a very new development in a recent article ( http://www.theregister.co.uk/2010/09/27/zeus_mobile_malware/ ) David Barroso of S21sec highlights the vulnerability of mobiles to Zeus ( MITMO ) (Man-in-the-Mobile ) attacks. The out of band password delivered via SMS in many 2FA solutions has now been found to be vulnerable to attack by the Zeus variant. So while “ banking regulatory bodies have long called for mandatory two-factor authentication for all online banking sites” . “...