Skip to Content
8-06-2008 @ 7:05AM
I'm fairly sure that Authenticator keys are single-use and they expire in 60 seconds. So wouldn't the attacker have to be using some type of man in the middle attack to prevent the credentials from reaching the login server if he was keylogging? In addition, there is no discernible pattern to the codes, since it is a list of codes, not an algorithm.The more likely answer, as you said, is physical security failure. It could have been a combination of both -- a keylogger to steal login/pass, and "borrowing" the Authenticator for the code. Still only a guess though...
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.