Re: Question on the state of the security industry

2004-07-16 Thread Anne Lynn Wheeler
A couple recent news stories 1) Intuit warns of credit card risk http://news.com.com/Intuit+warns+of+credit+card+risk/2100-1029_3-5269821.html 2) Cyberattacks are soaring, countermeasures are sucking up tons of cash, and hardware and software vendors for the most part are sitting it out, *Bob

Re: Question on the state of the security industry

2004-07-13 Thread Amir Herzberg
[EMAIL PROTECTED] wrote: McAfee Research has proposed solutions to some of their larger customers and has an anti-phishing white paper: http://www.networkassociates.com/us/_tier2/products/_media/mcafee/wp_an tiphishing.pdf the paper, at:

RE: Question on the state of the security industry

2004-07-12 Thread Michael_Heyman
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Grigg Sent: Wednesday, June 30, 2004 6:49 AM Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? McAfee

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-09 Thread Matt Blaze
On Jul 3, 2004, at 14:22, Dave Howe wrote: Well if nothing else, it is impossible for my bank to send me anything I would believe via email now To take this even slightly more on-topic - does anyone here have a bank capable of authenticating themselves to you when they ring you? I have had

RE: authentication and authorization (was: Question on the state of the security industry)

2004-07-08 Thread Anne Lynn Wheeler
At 07:23 AM 7/5/2004, Anton Stiglic wrote: Identity has many meanings. In a typical dictionary you will find several definitions for the word identity. When we are talking about information systems, we usually talk about a digital identity, which has other meanings as well. If you are in the

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-08 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Jason H olt writes: [...] I had the same question about the NSA when some friends were interviewing there. Apparently investigators will just show up at your house and want to know all sorts of things about your friends, who you may or may not know to be in the

RE: authentication and authorization (was: Question on the state of the security industry)

2004-07-08 Thread Anton Stiglic
However, in some scenarios http://www.garlic.com/~lynn/2001h.html#61 the common use of static data is so pervasive that an individual's information is found at thousands of institutions. The value of the information to the criminal is that the same information can be used to perpetrate fraud

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-07 Thread Jason Holt
On Sun, 4 Jul 2004, Ed Reed wrote: I recently had the same trouble with the Centers for Disease Control (CDC) - who were calling around to followup on infant influenza innoculations given last fall. Ultimately, they wanted me to provide authorization to them to receive HIPPA protected

Re: Question on the state of the security industry

2004-07-07 Thread Peter Gutmann
Steve Furlong [EMAIL PROTECTED] writes: On Wed, 2004-06-30 at 06:49, Ian Grigg wrote: Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? Nothing here. Spam is the main concern on

authentication and authorization (was: Question on the state of the security industry)

2004-07-07 Thread Nicholas Bohm
At 12:26 PM 7/1/2004, John Denker wrote: The object of phishing is to perpetrate so-called identity theft, so I must begin by objecting to that concept on two different grounds. Subsequent posters have doubted the wisdom of quibbling with the term identity theft. I think the terminology

RE: authentication and authorization (was: Question on the state of the security industry)

2004-07-07 Thread Anton Stiglic
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Denker Sent: 1 juillet 2004 14:27 To: [EMAIL PROTECTED] Cc: Ian Grigg Subject: Re: authentication and authorization (was: Question on the state of the security industry) 1) For starters, identity theft

Re: Question on the state of the security industry

2004-07-04 Thread Ian Grigg
[EMAIL PROTECTED] wrote: I shared the gist of the question with a leader of the Anti-Phishing Working Group, Peter Cassidy. Thanks Dan, and thanks Peter, ... I think we have that situation. For the first time we are facing a real, difficult security problem. And the security experts have shot

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-04 Thread Ed Reed
I recently had the same trouble with the Centers for Disease Control (CDC) - who were calling around to followup on infant influenza innoculations given last fall. Ultimately, they wanted me to provide authorization to them to receive HIPPA protected patient records from my son's pediatrician,

Re: authentication and authorization (was: Question on the state of the security industry)

2004-07-03 Thread Anne Lynn Wheeler
At 12:26 PM 7/1/2004, John Denker wrote: The object of phishing is to perpetrate so-called identity theft, so I must begin by objecting to that concept on two different grounds. there are two sides of this some amount of crime statistics call it ID-theft which plausibly could be either

Re: Question on the state of the security industry (second half not necessarily on topic)

2004-07-01 Thread Joseph Ashwood
- Original Message - From: Ian Grigg [EMAIL PROTECTED] Subject: Question on the state of the security industry Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? I am

Re: Question on the state of the security industry

2004-07-01 Thread Steve Furlong
On Wed, 2004-06-30 at 06:49, Ian Grigg wrote: Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? Nothing here. Spam is the main concern on people's minds, so far as I can tell.

Re: authentication and authorization (was: Question on the state of the security industry)

2004-07-01 Thread John Denker
Ian Grigg wrote: The phishing thing has now reached the mainstream, epidemic proportions that were feared and predicted in this list over the last year or two. OK. For the first time we are facing a real, difficult security problem. And the security experts have shot their wad. The object

Question on the state of the security industry

2004-06-30 Thread Ian Grigg
The phishing thing has now reached the mainstream, epidemic proportions that were feared and predicted in this list over the last year or two. Many of the solution providers are bailing in with ill- thought out tools, presumably in the hope of cashing in on a buying splurge, and hoping to turn