RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

From: David Lang (david.lang_at_digitalinsight.com)
Date: 06/19/05

    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Sun, 19 Jun 2005 14:34:31 -0700 (PDT)
    
    

    On Sun, 19 Jun 2005, Marcus J. Ranum wrote:

    > If you worry about this enough, you'll realize that eventually there
    > are 2 ways to address it:
    > - build multilevel secure computing systems (don't go there!)
    > - say "f*** it"
    > Most of the industry has chosen the second option, but didn't even
    > bother to think about it. :)

    actually, there are two additional options.

    1. don't allow the remote user excessive access to the local system
    (limit the damage they can do, not the best but still far better than
    your option #2)

    2. require authentication that isn't fully contained on the remote system
    (i.e. a token or one-time password, a digital certificate with a
    passphrase is NOT good enough)

    David Lang

    -- 
    There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
      -- C.A.R. Hoare
    
