[Full-disclosure] [botnets] [funsec] Haxdoor: UK Police Count 8,500 Victims in Data Theft (So Far) (fwd)
Gadi Evron
ge at linuxbox.org
Mon Oct 30 19:49:47 GMT 2006
On Mon, 30 Oct 2006, bf wrote:
> "So, knowing full-well security is out of our hands, and relies on the
> security of our users. Knowing full-well that the same technology can be
> used to bypass 2-factor authentication, how do organizations handle their
> own security, if they are to have clients?"
>
> Organizations make attempts to protect the resources immediately under
> their control and the losses incurred by end user compromise are
> written off as a loss. Indeed, this sort of loss is so hard to
> quantify that the end user and "affected organization" (Bank for
> example) have no way of knowing how or why the account or identity of
> the end user was ever compromised.
>
> IE:
> End user: "Wow my identity was stolen, how did that happen?"
>
> Bank: "No problem, we'll issue you a new card/account/what-have-you."
>
> But you know this already.
It is quantifiable (sp?), if the bank know it was stolen by certain means
already.
Gadi.
Full-Disclosure is hosted and sponsored by Secunia.