
Everything you know about password-stealing is wrong

isoloisti (1610133) writes | about a year and a half ago

Security 1

isoloisti (1610133) writes "An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong.

When money is stolen consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won’t reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad.

Article is online at computer.org site (hard-to-read multipage format)
http://www.computer.org/portal/web/computingnow/content?g=53319&type=article&urlTitle=is-everything-we-know-about-password-stealing-wrong-
or pdf at author’s site.
http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf"


1 comment


extremely counter-intuitive... (1)

crutchy (1949900) | about a year and a half ago | (#42864939)

"banks have no interest in shifting liability to consumers" ...but i must admit i actually sort of agree with this, or at least it doesn't seem way beyond the realm of possibility even though it seems unlikely in this era of bank super profits and legal shemozzles.

i'm with ing and just about every revision to their t.o.s. seems to be about protecting online banking more and offering more protections, so while they seem to be alert to the problem, i haven't seen much in the way of duck shoving or passing the buck.

ing is one of the larger banks. i can't say anything for other banks.

the only thing i would add is that at the end of the day, bank losses are customer losses, because when banks start losing the shareholder gets priority... so fees increase (often only subtly to maintain lack of awareness)

credit unions are a bit different again because customers are shareholders, but i think overhead efficiencies probably aren't as good for smaller institutions so fees are usually still pretty high, and there is also less capacity to prevent cybercrime (or deal with its consequences)
