Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Frackin script kiddies!!



On Fri, Aug 6, 2010 at 10:35 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> So... if I understand your argument, it can be summed up as "banks do it so it must be good."

More like "banks do it, so its not nearly as insecure as your initial
claim that it provides no security at all."

> If so then the premise itself is flawed: it isn't good. ?It was cheap and easy to implement 10 years ago and provided the semblance of security. ?And now we're stuck with it because Gramma doesn't see the need for encryption tokens and security certificates. ?It's too costly for the banks, etc., to convert everything over to a genuinely secure system and retrain millions of users to use it.

If it were completely and totally insecure, they would. Sure, its not
the strongest security it could be, but as you said, its not worth the
cost of upgrading. Its good enough to keep out all but the really
determined and/or highly proficient hacker and/or social engineer. So
yes, if the banks still deem it good enough to protect millions of
users financial information, I content that its also good enough to
protect mythweb from being screwed with by all but the most determined
hacker (though perhaps I do need to do the "blacklist IP after X
failed login tries" to closer to on par with what the banks have). Why
someone would be particularly determined to get at my television
recordings is again beyond me. The security in place is good enough
for what its protecting.

-- 
Jarod Wilson
jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org