Marcus J. Ranum wrote:
>In the case where you have a human guard in the system,
>the human guard will generally (assuming it's not a
>$7/hr idiot) so dramatically out-perform a computer system
>that you may as well omit the computer system entirely.
>
>
I roll to disbelieve. This study shows 71% of people will give up their
password for a candy bar
http://www.enterpriseitplanet.com/security/news/article.php/3342871
Kevin Mitnick was most successful with exploits that involved social
engineering. I don't actually believe that "Private Bob" is
significantly resistant to a social engineering attack.
* Scientist: Bob, this here is my girlfriend, and I don't want my
wife to find out, so could you look the other way?
* Bob: Why, sure ...
Like other multi-factor authentication systems, I suspect that
biometrics + human guard works much better than either in isolation.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 15 2005
Intro
