Firewall Wizards mailing list archives
RE: Transitive Trust: 40 million credit cards hack'd
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 19 Jun 2005 17:39:47 -0400
David Lang wrote:
2. require authentication that isn't fully contained on the remote system (i.e. a token or one-time password, a digital certificate with a passphrase is NOT good enough)
That doesn't work, either. If you assume that the endpoint is insecure (and it is, so that's a safe assumption) the 2 factor authentication works only because it's harder to bypass than a password. If everyone was using 2 factor authentication, you can bet hacker toolkits would be full of nasty rootkits and malware that stole live sessions, or typed keystrokes into live sessions once they came up (transparently, of course) mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Host based vs network firewall in datacenter, (continued)
- Re: Host based vs network firewall in datacenter Devdas Bhagat (Jun 13)
- Re: Host based vs network firewall in datacenter Alin-Adrian Anton (Jun 17)
- Transitive Trust: 40 million credit cards hack'd Marcus J. Ranum (Jun 18)
- Re: Transitive Trust: 40 million credit cards hack'd Vin McLellan (Jun 18)
- Re: Transitive Trust: 40 million credit cards hack'd George Capehart (Jun 18)
- RE: Transitive Trust: 40 million credit cards hack'd Bill Royds (Jun 18)
- RE: Transitive Trust: 40 million credit cards hack'd Marcus J. Ranum (Jun 18)
- RE: Transitive Trust: 40 million credit cards hack'd Brian Loe (Jun 19)
- RE: Transitive Trust: 40 million credit cards hack'd Marcus J. Ranum (Jun 19)
- RE: Transitive Trust: 40 million credit cards hack'd David Lang (Jun 19)
- RE: Transitive Trust: 40 million credit cards hack'd Marcus J. Ranum (Jun 19)
- Re: Transitive Trust: 40 million credit cards hack'd Darren Reed (Jun 20)
- Re: Transitive Trust: 40 million credit cards hack'd Marcus J. Ranum (Jun 20)
- Re: Host based vs network firewall in datacenter Alin-Adrian Anton (Jun 17)
- Re: Host based vs network firewall in datacenter Devdas Bhagat (Jun 13)
- RE: Transitive Trust: 40 million credit cards hack'd Paul D. Robertson (Jun 19)
- Re: Transitive Trust: 40 million credit cards hack'd ArkanoiD (Jun 29)
- Re: Transitive Trust: 40 million credit cards hack'd Paul D. Robertson (Jun 30)
- RE: Transitive Trust: 40 million credit cards hack'd Paul Melson (Jun 21)
- Re: Host based vs network firewall in datacenter sin (Jun 30)