Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

From: Kevin (
Date: 06/21/05

  • Next message: Mark Teicher: "Re: [fw-wiz] Equifax Canada"
    To: Brian Loe <>
    Date: Tue, 21 Jun 2005 14:00:24 -0500

    On 6/21/05, Brian Loe <> wrote:
    > I had no idea anyone was doing this, what an excellent example
    > for future employers!

    I'm not sure if this is a sarcastic dig at me, at E*Trade/AOL, or if it
    is meant to as a serious comment?

    I am not privy to the details, but a close a look at the history of SecurID
    token deployment inside AOL could be an educational example of an
    employer's deployment of hardware tokens to address social engineering
    attacks against support staff accounts...

    > > Take for example the SecurID tokens issued by E*Trade and AOL.
    > >
    > > Does anybody really believe that E*Trade is giving their
    > > customers "free" tokens to help protect the user from
    > > hackers, rather than to protect E*Trade from users who say "I
    > > didn't make that losing trade, my account must have been
    > > hacked, refund my losses!"?

    The "I didn't make that losing trade" scenario is a big deal for online
    trading firms, second only to complaints about how long it took to
    execute the customer's odd lot :)

    Kevin Kadow

    Disclaimer: While I have in the past worked for a trading firm which
    was later acquired by E*Trade, I have never been an E*Trade employee
    or contractor, and I bear them no ill will. I am a moderator of the unofficial
    SecurID users group,
    firewall-wizards mailing list

  • Next message: Mark Teicher: "Re: [fw-wiz] Equifax Canada"