Quote of the month

Security pro Brian Krebs (krebsonsecurity.com) recently wrote an article on a client that is suing its bank after $440k was stolen via cyber theft:

http://krebsonsecurity.com/2010/11/escrow-co-sues-bank-over-440k-cyber-theft/

The control breakdown in this case appears to be that the bank allowed transfers of money to other accounts with only a single password for protection. Krebs provides some useful insight into building security systems for online banking, or indeed for any other process that originates outside of one’s security domain:

“Any security or authentication mechanism that does not start with the assumption that the customer’s system is already compromised by malicious software does not have a prayer of defeating today’s malicious attacks.”

A great quote!
