| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.21.0610301349020.23772-100000@linuxbox.org> Date: Mon, 30 Oct 2006 13:49:47 -0600 (CST) From: Gadi Evron <ge@...uxbox.org> To: bf <illuminatus.master@...il.com> Cc: botnets@...testar.linuxbox.org, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, phishing@...testar.linuxbox.org Subject: Re: [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd) On Mon, 30 Oct 2006, bf wrote: > "So, knowing full-well security is out of our hands, and relies on the > security of our users. Knowing full-well that the same technology can be > used to bypass 2-factor authentication, how do organizations handle their > own security, if they are to have clients?" > > Organizations make attempts to protect the resources immediately under > their control and the losses incured by end user compromise are > written off as a loss. Indeed, this sort of loss is so hard to > quantify that the end user and "affected organization" (Bank for > example) have no way of knowing how or why the account or identity of > the end user was ever compromised. > > IE: > End user: "Wow my identity was stolen, how did that happen?" > > Bank: "No problem, we'll issue you a new card/account/what-have-you. > > But you know this already. It is quantifiable (sp?), if the bank know it was stolen by certain means already. Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists