Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd
From: Kevin (kkadow_at_gmail.com)
To: Brian Loe <firstname.lastname@example.org>
Date: Tue, 21 Jun 2005 14:00:24 -0500
On 6/21/05, Brian Loe <email@example.com> wrote:
> I had no idea anyone was doing this, what an excellent example
> for future employers!
I'm not sure if this is a sarcastic dig at me, at E*Trade/AOL, or if it
is meant as a serious comment?
I am not privy to the details, but a close look at the history of SecurID
token deployment inside AOL could be an educational example of an
employer's deployment of hardware tokens to address social engineering
attacks against support staff accounts...
> > Take for example the SecurID tokens issued by E*Trade and AOL.
> > Does anybody really believe that E*Trade is giving their
> > customers "free" tokens to help protect the user from
> > hackers, rather than to protect E*Trade from users who say "I
> > didn't make that losing trade, my account must have been
> > hacked, refund my losses!"?
The "I didn't make that losing trade" scenario is a big deal for online
trading firms, second only to complaints about how long it took to
execute the customer's odd lot :)
Disclaimer: While I have in the past worked for a trading firm which
was later acquired by E*Trade, I have never been an E*Trade employee
or contractor, and I bear them no ill will. I am a moderator of the unofficial
SecurID users group, http://groups.yahoo.com/group/securid-users/
firewall-wizards mailing list