A landmark study on Department of Justice network crime prosecutions reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to USD 10 million per occurrence and on average more than USD 1.5 million per occurrence. The report, “Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006“, concludes that 84% of attacks could have been prevented if, in addition to checking the user ID and password, the organization had verified the identity of the computer connecting to their networks and accounts.
Analysis of Department of Justice Prosecutions 1999-2006
Submitted by anonymous 2006-08-28 Privacy, Security 2 Comments
If someone can send a false ID and password, what’s to
prevent them from sending a false ID for their computer?
Computers just do what the User tells them to, they are no more honest than the User in front of the keyboard.
Perhaps some sort of biometric data, along with an ID and password, might make it harder to defraud others —
Unless someone is suggesting serializing all computer hardware ever made (good luck with that!).