mobile phone + password = 2 factor auth?
Seth Vidal
skvidal at fedoraproject.org
Tue May 26 17:11:10 UTC 2009
On Tue, 26 May 2009, Till Maas wrote:
>
> Why is this? Even an attacker that got access to your desktop without
> specifically targeting a Fedora infrastructure team member can afterwards
> compromise your phone, once he noticed that you use it to log in to Fedora. The
> browser cache or e-mails may indicate that you log in to Fedora and some config
> files for phone synchronization can show the attacker how the phone can be
> compromised.
Doesn't this same argument stand if you plug the yubikey into the machine?
I.e.: sniff the incoming USB traffic and grab the "password" that the
yubikey has just inputted?
-sv