Firewall Wizards mailing list archives
RE: Username password VS hardware token plus PIN
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Tue, 22 Feb 2005 11:29:15 -0600
On Tuesday, February 22, 2005 10:51 AM mjr wrote:
I suppose the closest that'd come would be a social engineering attack along the lines of: "Dear bozo () yourdomain com - We need to change the batteries in your authentication token, as part of annual maintenance. Please mail it in the included business reply envelope within the next 30 days if you wish to
have
continued access. Include a $20 bill for the battery
replacement service
and disposal of the old batteries. There will be a $100 late
fee if you
take longer than 30 days to return your authentication token
for
service. Thank you, The Security Department, Yourdomain.com" And my guess is 10% of your average users would fall for it.
Interesting ploy, and likely plausible, but... WWMS? (What Would Marcus Say?) 1) How do you define "average user?" and 2) What scientific method did you use to back up your Gartner-esque spewing of 10%? Oh wait OK... at least you did say that was a guess... ;-)
mjr.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- AES SecurID Re: Username password VS hardware token plus PIN, (continued)
- AES SecurID Re: Username password VS hardware token plus PIN ArkanoiD (Feb 22)
- Re: Username password VS hardware token plus PIN Paul D. Robertson (Feb 22)
- Re: Username password VS hardware token plus PIN Patrick M. Hausen (Feb 22)
- Re: Username password VS hardware token plus PIN Frank Knobbe (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- Re: Username password VS hardware token plus PIN David Lang (Feb 24)
- Re: Username password VS hardware token plus PIN Kevin (Feb 22)
- RE: Username password VS hardware token plus PIN Crissup, John (MBNP is) (Feb 22)
- FW: Username password VS hardware token plus PIN Paul Melson (Feb 22)
- RE: Username password VS hardware token plus PIN Behm, Jeffrey L. (Feb 22)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 22)
- Re: Username password VS hardware token plus PIN Kevin (Feb 23)
- Message not available
- RE: Username password VS hardware token plus PIN Marcus J. Ranum (Feb 23)
- RE: Username password VS hardware token plus PIN MHawkins (Feb 24)