Firewall Wizards mailing list archives
RE: Transitive Trust: 40 million credit cards hack'd
From: "Richards, Jim" <jim.richards () dot state wi us>
Date: Mon, 20 Jun 2005 15:51:39 -0500
The problem with that analogy is that the bear will be much more motivated and persistent when the runner is coated in honey (or credit card information).

Jim Richards
Computer Security Officer
Wisconsin Department of Transportation

-----Original Message-----
From: Behm, Jeffrey L. [mailto:BehmJL () bvsg com]
Sent: Monday, June 20, 2005 11:26 AM
To: Marcus J. Ranum; David Lang
Cc: Firewal Wizards
Subject: RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

On Sunday, June 19, 2005 4:40 PM, Marcus J. Ranum spake:

> David Lang wrote:
>> 2. require authentication that isn't fully contained on the remote
>> system (i.e. a token or one-time password, a digital certificate with
>> a passphrase is NOT good enough)
>
> That doesn't work, either. If you assume that the endpoint is insecure
> (and it is, so that's a safe assumption) the 2 factor authentication
> works only because it's harder to bypass than a password. If everyone
> was using 2 factor authentication, you can bet hacker toolkits would be
> full of nasty rootkits and malware that stole live sessions, or typed
> keystrokes into live sessions once they came up (transparently, of
> course)
>
> mjr.

True, Marcus, but not everyone _does_ use 2 factor auth. So, at this point, it can be effective. You don't gotta outrun the bear, just the guy next to you.

Jeff

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards