Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd
From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 06/27/05
- Previous message: Toderick, Lee W: "[fw-wiz] SSH brute force attack"
- In reply to: Behm, Jeffrey L.: "RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
- Next in thread: Behm, Jeffrey L.: "RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
To: "Behm, Jeffrey L." <BehmJL@bvsg.com>, "Paul Melson" <pmelson@gmail.com>, "Marcus J. Ranum" <mjr@ranum.com>, "David Lang" <david.lang@digitalinsight.com>
Date: Mon, 27 Jun 2005 11:12:42 +0100
Without wanting to drag this analogy too far...
If you only care about your own systems, then outrunning the other guys
might work. If you also care about systems that store and process your
information, then you might have more of a problem on your hands.
Imagine that it is no longer just your own life that you are worried
about, but that of your newborn babies (your personal information). Some
of these babies get passed to adoring aunties and uncles and, in extreme
cases, grandparents, where they are happily looked after. When the
machine-gun-wielding army of bears appears on the horizon, you'll still
outrun the other guys, but some of your babies might get eaten. To
counter this, you need to outrun the bears, outrun the other guys, but
also keep tabs on, and protect, all the custodians of your babies.
Changing the state of the industry, so that all people have the
opportunity to purchase and wear bear-resistant armour, should lower your
exposure to bear-related catastrophes.
:)
Kev
> And you (and others) assume there's only two runners.
>
> I still think I'll make an attempt to outrun the bear and
> be as tough a target as I can afford, and hope the bear is
> smart enough to pursue the easy targets.
>
> The point is, don't make yourself the _easy_ target, when there are
> things you can do that the other (easier targets) aren't doing.
> When there are enough bears and few targets, everyone will get
> attacked, but don't lightly toss aside the benefit of making
> yourself as hard a target as you can afford. Right now, there
> are still plenty of honey-soaked targets for the bears to enjoy.
>
> I'm not necessarily saying this is a completely fail-safe way to
> secure your environment, but from what I have seen of other
> environments, at least the honey isn't dripping off you and
> leaving a trail for the bear to easily follow. Let it drip off
> the other guy(s).
>
> Jeff
>
> -----Original Message-----
> From: Paul Melson
>
> The problem with that strategy being, you assume that there's only one
> bear.
>
> PaulM
>
> -----Original Message-----
> True, Marcus, but not everyone _does_ use 2 factor auth. So, at this point,
> it can be effective. You don't gotta outrun the bear, just the guy next to
> you.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Cheltenham) Ltd