RE: Transitive Trust: 40 million credit cards hack'd

["Paul D. Robertson" <paul () compuwar net>]

On Mon, 20 Jun 2005, Behm, Jeffrey L. wrote:

> True, Marcus, but not everyone _does_ use 2 factor auth. So, at this
> point, it can be effective.  You don't gotta outrun the bear, just
> the guy next to you.

That assumes (1) a single bear OR (2) that you can outrun the bear in the
time it takes it to disable the other target.

Autonomous malcode changes that equation, as does semi-random targeting.

Now, personally, I'm all for making most of the current crop of attacker
tools outdated, not because I think it'll make us safe, but because it'll
force attackers to keep up, and I'd rather they not be provided the
option of being lazy if we all have to work too.  But more importantly,
two factor authentication starts to provide a really good base for
accountability- and THAT is what we *need*.  The only problem is that the
m0r0ns will all want "soft tokens" to lower the attacker's bar again.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards