[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd)
- To: bf <illuminatus.master@xxxxxxxxx>
- Subject: Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8, 500 Victims in Data Theft (So Far) (fwd)
- From: Gadi Evron <ge@xxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 13:49:47 -0600 (CST)
On Mon, 30 Oct 2006, bf wrote:
> "So, knowing full-well security is out of our hands, and relies on the
> security of our users. Knowing full-well that the same technology can be
> used to bypass 2-factor authentication, how do organizations handle their
> own security, if they are to have clients?"
>
> Organizations make attempts to protect the resources immediately under
> their control and the losses incured by end user compromise are
> written off as a loss. Indeed, this sort of loss is so hard to
> quantify that the end user and "affected organization" (Bank for
> example) have no way of knowing how or why the account or identity of
> the end user was ever compromised.
>
> IE:
> End user: "Wow my identity was stolen, how did that happen?"
>
> Bank: "No problem, we'll issue you a new card/account/what-have-you.
>
> But you know this already.
It is quantifiable (sp?), if the bank know it was stolen by certain means
already.
Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/