This is a classic misunderstanding: if the app/software stack is compromised, the hardware token usually helps little, because the attacker might often trick the user into signing malformed transactions (e.g. modified bank account). #HSM #2FA https://twitter.com/io_r_us/status/934692918866120705 …
-
I only recall one article about a successful attack on that - iirc the attacker modified the online banking UI client-side to show a fake incoming transaction and prompt the user to "send the money back". Faked transaction list and balance.