Quote of the month

Security pro Brian Krebs (krebsonsecurity.com) recently wrote an article about a client that is suing its bank after $440k was stolen in a cyber theft:

http://krebsonsecurity.com/2010/11/escrow-co-sues-bank-over-440k-cyber-theft/

The issue or control breakdown in this case appears to be that the bank allowed transfers of money to other accounts using only a single password for protection. Krebs provides some useful insight into building security systems for online banking, or indeed any other processes that originate outside of one’s security domain:

“Any security or authentication mechanism that does not start with the assumption that the customer’s system is already compromised by malicious software does not have a prayer of defeating today’s malicious attacks.”

A great quote!