|
> > I could think of many reasons to attack a pc, in fact a > compromised pc > > with > > a keyboard logger, phoning home could give someone a > valid user id/pwd > to > > any system that pc accesses. > > An excellent argument against single sign-on, by the > way... NOT! The vast majority of people synchronize (either automatically or manually) their passwords across similar systems, so if you are able to compromise a password on one system, chances are that password will work on many others. Real single signon, where the user only has one password that is authenticated against one system, provides no additional exposure, and in fact limits the number of potential points of compromise. jte -- John Earl | Chief Technology Officer The PowerTech Group 19426 68th Ave. S Seattle, WA 98032 (253) 872-7788 ext. 302 john.earl@xxxxxxxxxxxxx www.powertech.com This email message and any attachments are intended only for the use of the intended recipients and may contain information that is privileged and confidential. If you are not the intended recipient, any dissemination, distribution, or copying is strictly prohibited. If you received this email message in error, please immediately notify the sender by replying to this email message, or by telephone, and delete the message from your email system. -- > -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l- > bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta > Sent: Saturday, April 23, 2005 7:23 AM > To: 'Midrange Systems Technical Discussion' > Subject: RE: Recent bugtraq postings > > > From: franz400 > > > > I could think of many reasons to attack a pc, in fact a > compromised pc > > with > > a keyboard logger, phoning home could give someone a > valid user id/pwd > to > > any system that pc accesses. > > An excellent argument against single sign-on, by the > way... > > But the question is do you have the time to do that? > Would you risk > your job for it? Do you know anybody who would? > > > > Joe (and others) - S3X & 400 programmers for > > years have been caught writing programs to capture info > for their own > > purposes. I've seen a few walked to the door. > > Just like we keep saying Menu > > Security is no security, guessing the ethics of each > employee is no > > security. > > Yes indeed, there are morally bankrupt individuals in any > field. I > think those folks don't keep their jobs very long, though; > the > combination of skill, intelligence, deception and lack of > moral > structure required is rather unique. > > > > There is a market out there, or power to be gained for > the inside info > of > > any company, big or small, and we have a world full of > entrepreneurs, > > thrillseekers, and just very curious people. > > And now an excellent argument against outsourcing, > especially out of > your country's jurisdiction. Here's a great story: > > http://1010wins.com/topstories/local_story_106085053.html > > Joe > > -- > This is the Midrange Systems Technical Discussion > (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: > http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the > archives > at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
