RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd
From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 06/19/05
- Previous message: David Lang: "RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
- In reply to: David Lang: "RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
- Next in thread: Darren Reed: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
- Reply: Darren Reed: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
To: David Lang <david.lang@digitalinsight.com>
Date: Sun, 19 Jun 2005 17:39:47 -0400
David Lang wrote:
> 2. require authentication that isn't fully contained on the remote system (i.e. a token or one-time password, a digital certificate with a passphrase is NOT good enough)
That doesn't work, either. If you assume that the endpoint is insecure
(and it is, so that's a safe assumption) the 2 factor authentication works
only because it's harder to bypass than a password. If everyone was
using 2 factor authentication, you can bet hacker toolkits would be
full of nasty rootkits and malware that stole live sessions, or typed
keystrokes into live sessions once they came up (transparently, of course).
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards