Bruce Schneier | |||||||||||||||
Schneier on SecurityA blog covering security and security technology. « Good Essay on TSA Stupidity | Main | Friday Squid Blogging: Rising Squid Populations off the Coast of Rhode Island » July 11, 2008Security CartoonPosted on July 11, 2008 at 12:09 PM • 6 Comments • View Blog Reactions To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter. If Ross Anderson and his team are correct then he could do it in less than thirteen guesses (if I remember correctly) if he was talking to the bank security hardware (due to a mistake in protocols)... Posted by: Clive Robinson at July 11, 2008 1:55 PM The problem with that attack (from the attacker's perspective) is that if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later. I'm sure that's possible with a combination of social engineering and forgery, but the profit-to-risk ratio is not particularly appealing compared to other kinds of attacks. Posted by: Jonadab the Unsightly One at July 11, 2008 9:24 PM "if you want to get away with it you need to figure out how to rent a booth inside an amusement park in a way that will not be traceable back to you later." You are going to find a carnie the day after the carnival leaves town? Posted by: clvrmnky at July 13, 2008 2:03 PM Heh and it isn't that far from the truth. A journo in the UK did something similar a while back http://www.itnews.com.au/News/74161,free-chocolate-provides-password-bounty.aspx Posted by: Morgan Storey at July 13, 2008 9:00 PM Post a comment
Powered by Movable Type. Photo at top by Steve Woit.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT. |
|
Comments