RE: [fw-wiz] A little paranoia for the weekend...

From: Josh Welch (jwelch_at_buffalowildwings.com)
Date: 07/29/03

  • Next message: Paul Robertson: "RE: [fw-wiz] A little paranoia for the weekend..."
    To: "Paul Robertson" <proberts@patriot.net>, <ark@eltex.net>
    Date: Tue, 29 Jul 2003 15:53:42 -0500
    
    

    Paul Robertson said:
    >
    > On Mon, 28 Jul 2003 ark@eltex.net wrote:
    >
    > > Sure. That's what one-time passwords are for ;-)
    >
    > Classic security/admin mindset--
    >
    > The data is often much more important than the credential. Protecting
    > the credential doesn't solve the problem for most situations. That's why
    > we spent so much time as an industry on SSL, and not enough on Web server
    > security.
    >
    In this case, however, it seems to have been the credentials that were
    compromised. From what I have seen of gotomypc, their data security is
    pretty good. The problem lies in keeping secure credentials that may be used
    in god knows what kind of circumstances. The instance of the trojaned
    terminal at some public location seems to be how this type of system would
    be most likely compromised.
    Josh

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul Robertson: "RE: [fw-wiz] A little paranoia for the weekend..."