RE: Transitive Trust: 40 million credit cards hack'd

["Eugene Kuznetsov" <eugene () datapower com>]

> > (and it is, so that's a safe assumption) the 2 factor authentication
> works
> > only because it's harder to bypass than a password. If everyone was
...
> The problem with that analogy is that the bear will be much 
> more motivated
> and persistent when the runner is coated in honey (or credit card
> information).

There's an interesting thought here, one that really takes us into the realm
of epidemiology or toxicology. Bears aside, what is the expected, normal
rate of such incidents? Is it getting worse? Better? Risk factors?
Correlation? 

Anyone know of any papers that try to think of computer security incidents
like "[awful-disease] clusters"? 


P.S. As for outrunning bears, I don't think I like that analogy much,
especially in a complex regulatory environment, automated attack tools and
increasing emphasis on using compromised machines or data as merely a link
in a chain of malicious activity, rather than an end in itself. 

P.P.S. Credit card theft is actually one of the least terrifying or damaging
things that can happen.


\\ Eugene Kuznetsov, Chairman & CTO  : eugene () datapower com 
\\ DataPower Technology, Inc.        : Web Services security 
\\ http://www.datapower.com          : XML-aware networks   


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards