Schneier on Security

A blog covering security and security technology.

« Good Essay on TSA Stupidity | Main | Friday Squid Blogging: Rising Squid Populations off the Coast of Rhode Island »

July 11, 2008

Security Cartoon

Posted on July 11, 2008 at 12:09 PM • 6 Comments • View Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

If Ross Anderson and his team are correct then he could do it in less than thirteen guesses (if I remember correctly) if he was talking to the bank security hardware (due to a mistake in protocols)...

Posted by: Clive Robinson at July 11, 2008 1:55 PM

Hey, at least there's nobody sitting at the stool.

Posted by: Larry at July 11, 2008 3:51 PM

The problem with that attack (from the attacker's perspective) is that if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later. I'm sure that's possible with a combination of social engineering and forgery, but the profit-to-risk ratio is not particularly appealing compared to other kinds of attacks.

Posted by: Jonadab the Unsightly One at July 11, 2008 9:24 PM

"if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later."

You are going to find a carnie the day after the carnival leaves town?

Posted by: clvrmnky at July 13, 2008 2:03 PM

Heh and it isn't that far from the truth. A journo in the UK did something similar a while back http://www.itnews.com.au/News/74161,free-chocolate-provides-password-bounty.aspx

Posted by: Morgan Storey at July 13, 2008 9:00 PM

This made me laugh for a few minutes

Posted by: Ali at July 15, 2008 7:09 AM