[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

Subject: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
From: kmedcalf at dessus.com (Keith Medcalf)
Date: Tue, 26 Feb 2019 20:56:22 -0700
In-reply-to: <[email protected]>

I did write my own TOTP client.  However, why do you assume that I am talking about a TOTP client and not the referred webpage which requires the unfettered execution of third-party (likely malicious) javascript in order to view?  Not to mention requiring the use of (also quite possibly malicious) downloaded fonts?

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

>-----Original Message-----
>From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com at nanog.org] On
>Behalf Of Seth Mattinen
>Sent: Tuesday, 26 February, 2019 09:36
>To: nanog at nanog.org
>Subject: Re: 2FA, was A Deep Dive on the Recent Widespread DNS
>Hijacking
>
>On 2/25/19 9:59 PM, Keith Medcalf wrote:
>> Are you offering an indemnity in case that code is malicious?  What
>are the terms and the amount of the indemnity?
>
>
>Anyone who is that paranoid should read the RFC and write their own
>TOTP
>client that lets them indemnify themselves from their own code.

Follow-Ups:
- 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
  - From: hf0002+nanog at uah.edu (Hunter Fuller)
- 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
  - From: ross at tajvar.io (Ross Tajvar)

References:
- 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
  - From: sethm at rollernet.us (Seth Mattinen)

Prev by Date: A Deep Dive on the Recent Widespread DNS Hijacking
Next by Date: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Previous by thread: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Next by thread: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
Index(es):
- Date
- Thread