A landmark study on Department of Justice network crime prosecutions reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to USD 10 million per occurrence and on average more than USD 1.5 million per occurrence. The report, “Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006“, concludes that 84% of attacks could have been prevented if, in addition to checking the user ID and password, the organization had verified the identity of the computer connecting to their networks and accounts.
If someone can send a false ID and password, what’s to
prevent them from sending a false ID for their computer?
Computers just do what the User tells them to, they are no more honest than the User in front of the keyboard.
Perhaps some sort of biometric data, along with an ID and password, might make it harder to defraud others —
Unless someone is suggesting serializing all computer hardware ever made (good luck with that!).
> If someone can send a false ID and password, what’s
> to prevent them from sending a false ID for their
> computer?
Public key encryption, digital signatures, and the fact that nobody but the owner of a private key ever gets access to it.
Edited 2006-08-29 19:40