Two-factor authentication for websites: expensive and useless
Schneier reports on a man-in-the-middle attack used against two-factor authentication on a banking website. It's not rocket-science by any means. It's just a shame that many banks have invested in this technology and forced it on their customers under false pretences.
