On Fri, Aug 6, 2010 at 10:35 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> So... if I understand your argument, it can be summed up as "banks do it so it must be good."

More like "banks do it, so it's not nearly as insecure as your initial claim that it provides no security at all."

> If so then the premise itself is flawed: it isn't good. It was cheap and easy to implement 10 years ago and provided the semblance of security. And now we're stuck with it because Gramma doesn't see the need for encryption tokens and security certificates. It's too costly for the banks, etc., to convert everything over to a genuinely secure system and retrain millions of users to use it.

If it were completely and totally insecure, they would. Sure, it's not the strongest security it could be, but as you said, it's not worth the cost of upgrading. It's good enough to keep out all but the really determined and/or highly proficient hacker and/or social engineer.

So yes, if the banks still deem it good enough to protect millions of users' financial information, I contend that it's also good enough to protect mythweb from being screwed with by all but the most determined hacker (though perhaps I do need to do the "blacklist IP after X failed login tries" to be closer to on par with what the banks have). Why someone would be particularly determined to get at my television recordings is again beyond me. The security in place is good enough for what it's protecting.

--
Jarod Wilson
jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org