RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

From: Eugene Kuznetsov (eugene_at_datapower.com)
Date: 06/21/05

  • Next message: Kevin: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd" 
    To: "'Richards, Jim'" <jim.richards@dot.state.wi.us>, "'Behm, Jeffrey L.'" <BehmJL@bvsg.com>, "'Marcus J. Ranum'" <mjr@ranum.com>, "'David Lang'" <david.lang@digitalinsight.com>
Date: Mon, 20 Jun 2005 19:24:59 -0400

    > >(and it is, so that's a safe assumption) the 2 factor authentication
    > works
    > >only because it's harder to bypass than a password. If everyone was
    ...
    > The problem with that analogy is that the bear will be much
    > more motivated
    > and persistent when the runner is coated in honey (or credit card
    > information).

    There's an interesting thought here, one that really takes us into the realm
    of epidemiology or toxicology. Bears aside, what is the expected, normal
    rate of such incidents? Is it getting worse? Better? Risk factors?
    Correlation?

    Anyone know of any papers that try to think of computer security incidents
    like "[awful-disease] clusters"?

    P.S. As for outrunning bears, I don't think I like that analogy much,
    especially in a complex regulatory environment, automated attack tools and
    increasing emphasis on using compromised machines or data as merely a link
    in a chain of malicious activity, rather than an end in itself.

    P.P.S. Credit card theft is actually one of the least terrifying or damaging
    things that can happen.

    \\ Eugene Kuznetsov, Chairman & CTO : eugene@datapower.com
    \\ DataPower Technology, Inc. : Web Services security
    \\ http://www.datapower.com : XML-aware networks

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Kevin: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"