RE: [fw-wiz] Username password VS hardware token plus PIN

• Previous message: Luke Butcher: "RE: [fw-wiz] PAT on Cisco PIX 515"
• Maybe in reply to: MHawkins_at_TULLIB.COM: "[fw-wiz] Username password VS hardware token plus PIN"
• Next in thread: Frank Knobbe: "Re: [fw-wiz] Username password VS hardware token plus PIN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 22 Feb 2005 11:29:15 -0600

On Tuesday, February 22, 2005 10:51 AM mjr wrote:

>I suppose the closest that'd come would be a social engineering
>attack along the lines of:
> "Dear bozo@yourdomain.com -
> We need to change the batteries in your authentication token,
> as part of annual maintenance. Please mail it in the included
> business reply envelope within the next 30 days if you wish to
have
> continued access. Include a $20 bill for the battery
replacement service
> and disposal of the old batteries. There will be a $100 late
fee if you
> take longer than 30 days to return your authentication token
for
> service.
> Thank you,
> The Security Department,
> Yourdomain.com"
>
>And my guess is 10% of your average users would fall for it.

Interesting ploy, and likely plausible, but...

WWMS? (What Would Marcus Say?)
1) How do you define "average user?"
and
2) What scientific method did you use to back up your Gartner-esque
spewing of 10%?

Oh wait OK... at least you did say that was a guess... ;-)

>mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Luke Butcher: "RE: [fw-wiz] PAT on Cisco PIX 515"
• Maybe in reply to: MHawkins_at_TULLIB.COM: "[fw-wiz] Username password VS hardware token plus PIN"
• Next in thread: Frank Knobbe: "Re: [fw-wiz] Username password VS hardware token plus PIN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]