Firewall Wizards mailing list archives
RE: A little paranoia for the weekend...
From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Tue, 29 Jul 2003 15:53:42 -0500
Paul Robertson said:
On Mon, 28 Jul 2003 ark () eltex net wrote:Sure. That's what one-time passwords are for ;-)Classic security/admin mindset-- The data is often much more important than the credential. Protecting the credential doesn't solve the problem for most situations. That's why we spent so much time as an industry on SSL, and not enough on Web server security.
In this case, however, it seems to have been the credentials that were compromised. From what I have seen of gotomypc, their data security is pretty good. The problem lies in keeping secure credentials that may be used in god knows what kind of circumstances. The instance of the trojaned terminal at some public location seems to be how this type of system would be most likely compromised. Josh _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- A little paranoia for the weekend... Josh Welch (Jul 25)
- Re: A little paranoia for the weekend... ark (Jul 29)
- Re: A little paranoia for the weekend... Paul Robertson (Jul 29)
- RE: A little paranoia for the weekend... Josh Welch (Jul 29)
- RE: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... ark (Jul 29)
- Re: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... ark (Jul 29)
- <Possible follow-ups>
- RE: A little paranoia for the weekend... Behm, Jeffrey L. (Jul 29)
- RE: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... Joseph Steinberg (Jul 29)
- RE: A little paranoia for the weekend... Ben Nagy (Jul 30)