Black Hat 2009: SSL insecurity and MultiFactor


New flaws in how SSL is implemented were revealed at Black Hat 2009, but SecureAuth can’t be tricked.

These flaws can trick a user into thinking they are at a legitimate web site. The main problem with SSL is not that the attack is undetectable, but that end-users have to inspect the server-side certificate and know what they are looking for. (How often do you click on the ‘lock’ icon in your browser? And would you know if something was not right?)

SecureAuth protects against these and other attacks by automating the process. As part of the authentication process, SecureAuth makes sure the end-user is connected to the legitimate server before asking for a password.

This level of security is simple to deploy to your cloud services, web servers and remote access VPNs. It provides two-factor authentication that satisfies PCI and other regulatory mandates, and goes beyond other two-factor solutions that are really just password replacements.

Check out the website at http://www.multifa.com for more information about what Multifactor can do for you. The product comes recommended by some of my professional contacts.

Posted via web from John Dierckx