Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Transitive Trust: 40 million credit cards hack'd

From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Mon, 20 Jun 2005 11:25:53 -0500
On Sunday, June 19, 2005 4:40 PM, Marcus J. Ranum spake:


David Lang wrote:

2. require authentication that isn't fully contained on the 
remote system (i.e. a token or one-time password, a digital
certificate with a passphrase is NOT good enough)


That doesn't work, either. If you assume that the endpoint is insecure
(and it is, so that's a safe assumption) the 2 factor authentication

works

only because it's harder to bypass than a password. If everyone was
using 2 factor authentication, you can bet hacker toolkits would be
full of nasty rootkits and malware that stole live sessions, or typed
keystrokes into live sessions once they came up (transparently, of

course)


mjr. 


True, Marcus, but not everyone _does_ use 2 factor auth. So, at this
point, it can be effective.  You don't gotta outrun the bear, just
the guy next to you.

Jeff
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: