Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 06/27/05


To: "Behm, Jeffrey L." <BehmJL@bvsg.com>, "Paul Melson" <pmelson@gmail.com>, "Marcus J. Ranum" <mjr@ranum.com>, "David Lang" <david.lang@digitalinsight.com>
Date: Mon, 27 Jun 2005 11:12:42 +0100

Without wanting to drag this analogy too far...

If you only care about your own systems, then outrunning the other guys
might work. If you also care about systems that store and process your
information, then you might have more of a problem on your hands.

Imagine that it is no longer just your own life that you are worried
about, but that of your newborn babies (your personal information). Some
of these babies get passed to adoring aunties and uncles and, in extreme
cases, grandparents, where they are happily looked after. When the
machine-gun-wielding army of bears appears on the horizon, you'll still
outrun the other guys, but some of your babies might get eaten. To
counter this, you need to outrun the bears, outrun the other guys, but
also keep tabs on, and protect, all the custodians of your babies.

Changing the state of the industry, so that all people have the
opportunity to purchase and wear bear-resistant armour, should lower your
exposure to bear-related catastrophes.

:)

Kev

> And you (and others) assume there's only two runners.
>
> I still think I'll make an attempt to outrun the bear and
> be as tough a target as I can afford, and hope the bear is
> smart enough to pursue the easy targets.
>
> The point is, don't make yourself the _easy_ target, when there are
> things you can do that the other (easier targets) aren't doing.
> When there are enough bears and few targets, everyone will get
> attacked, but don't lightly toss aside the benefit of making
> yourself as hard a target as you can afford. Right now, there
> are still plenty of honey-soaked targets for the bears to enjoy.
>
> I'm not necessarily saying this is a completely fail-safe way to
> secure your environment, but from what I have seen of other
> environments, at least the honey isn't dripping off you and
> leaving a trail for the bear to easily follow. Let it drip off
> the other guy(s).
>
> Jeff
>
> -----Original Message-----
> From: Paul Melson
>
> The problem with that strategy being, you assume that there's only one
> bear.
>
> PaulM
>
> -----Original Message-----
> True, Marcus, but not everyone _does_ use 2 factor auth. So, at this
> point, it can be effective. You don't gotta outrun the bear, just the
> guy next to you.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>

-- 
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Cheltenham) Ltd

