Comments on Security PS Blog: Defcon 15: "Strong" Authentication in Web Applications
Blog author: Kris Drent
Feed updated: 2024-01-03T03:10:03.793-06:00

Eric Kitchens, 2007-09-03T10:04:00.000-05:00

I missed the presentation, but this is something I have frequently brought up with clients I work with in the financial industry, and to contacts in regulatory agencies. The question I often ask is why was guidance in '05 so vague. The FFIEC just said 'perform the risk assessment and implement strong authentication'. Most of my clients relied on their vendors to provide MFA, and usually chose the least expensive option. While I loathe the false sense of security that PassMark provides (I understand it's already been defeated, btw), it is equally as flawed as certificates and profiling.

Carsten a.k.a. Roy/SAC, 2007-08-29T14:14:00.000-05:00

I am one of them who is worried. I also attended the presentation and met Brendan at the Q&A room afterwards where he continued with his presentation, after his speaking time was up and they cut him off.

I blogged about it twice and nobody seems to care. As you said, somebody will care, but not for the user, but for his own benefits and abuse the exploits and flaws that were made public.

Here is the link to my original post from August 5, 2007:
http://www.roysac.com/blog/2007/08/new-online-banking-security-process.html

and here the one to my follow-up post from August 12, 2007:
http://www.roysac.com/blog/2007/08/why-worry-today-if-your-bank-account.html

Cheers!
Carsten