[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8,
From:       Gadi Evron <ge () linuxbox ! org>
Date:       2006-10-30 19:49:47
Message-ID: Pine.LNX.4.21.0610301349020.23772-100000 () linuxbox ! org
[Download RAW message or body]

On Mon, 30 Oct 2006, bf wrote:
> "So, knowing full-well security is out of our hands, and relies on the
> security of our users. Knowing full-well that the same technology can be
> used to bypass 2-factor authentication, how do organizations handle their
> own security, if they are to have clients?"
> 
> Organizations make attempts to protect the resources immediately under
> their control and the losses incured by end user compromise are
> written off as a loss. Indeed, this sort of loss is so hard to
> quantify that the end user and "affected organization" (Bank for
> example) have no way of knowing how or why the account or identity of
> the end user was ever compromised.
> 
> IE:
> End user: "Wow my identity was stolen, how did that happen?"
> 
> Bank: "No problem, we'll issue you a new card/account/what-have-you.
> 
> But you know this already.

It is quantifiable (sp?), if the bank know it was stolen by certain means
already.

	Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]