Wed, 7 Aug 1996, Adam Shostack wrote:
Jüri Kaljundi wrote:
| At Defcon this year they promised to tell about some security flaws in | SecurID tokens, anyone know more about that?
My understanding is that the guy who was going to give the talk had nda difficulties. Vin? Did you make it out? The talk was going to be on race conditions, denial of service attacks, and the like.
This is something that seems to be a little problematic to me. Considering the 3-minute time slot, it seems fairly easy to somehow block the SecurID server at the time a user is sending his username/passcode, steal that information and allow a malicious user to enter that information into the server. Or have I misunderstood some security aspects? Jüri Kaljundi AS Stallion jk@stallion.ee