Interesting People mailing list archives

Re MUST READ: NYTimes: Cyberwar for Sale


From: "Dave Farber" <farber () gmail com>
Date: Wed, 4 Jan 2017 17:02:26 -0500




Begin forwarded message:

From: "Roger Bohn" <Rbohn () ucsd edu>
Date: January 4, 2017 at 4:28:30 PM EST
To: dave () farber net, ip <ip () listbox com>
Cc: lauren () vortex com
Subject: Re: [IP] MUST READ: NYTimes: Cyberwar for Sale

I don’t think there is any doubt about the need for 2-factor authentication. Some organizations have been using it 
for a decade, and with ubiquitous cell-phones it's more convenient than before, as mentioned.

But, I ask from ignorance, how does this help with the main problem discussed in this article, namely installing 
malware inside a system? That malware can still be sent by any of the 3 methods. Where 2-factor does help is “daisy 
chaining” attacks that use logins from one phishing victim to get into multiple sites. But that’s not what happened 
to Podesta, for example.

Roger Bohn
Professor of Technology Management
School of Global Policy and Strategy
UC San Diego
+1 858 381-2015 cell/text Blog: Art2science.org

On 4 Jan 2017, at 9:28, Dave Farber wrote:




Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 4, 2017 at 11:57:55 AM EST
To: nnsquad () nnsquad org
Subject: [ NNSquad ] MUST READ: NYTimes: Cyberwar for Sale


MUST READ: NYTimes: Cyberwar for Sale

http://www.nytimes.com/2017/01/04/magazine/cyberwar-for-sale.html

     There are three methods, Scarafile explained, for getting the
   Remote Control System onto a target's device.  Customers can
   gain physical access to the device and then infect it with a
   USB stick or memory card. They can beam the R.C.S. in over a
   Wi-Fi network. Or they can send the customer an email and get
   him to click on an infected attachment -- usually a file from
   a brand-name program like Microsoft Word or PowerPoint ...

- - -

I am increasingly considering the possibility that 2-factor
authentication systems will need to be made mandatory for all users,
not just optional as is usually the case today at least in
non-corporate environments. Of course 2-factor isn't foolproof, and
there is some user hassle factor involved in using 2-factor (though a
well designed 2-factor system, such as Google's, reduces the hassle
notably). But it's just too easy to phish accounts that are only
protected by a simple password. It's probably time to bite the bullet
on this one.

--Lauren--
REPORT Fake News Here! - https://factsquad.com
CRUSHING the Internet Liars - https://vortex.com/crush-net-liars

