[4402] in WWW Security List Archive
Re: ActiveX Bank-Quicken Exploit
daemon@ATHENA.MIT.EDU (Geoffrey Leeming)
Thu Feb 13 13:21:22 1997
To: "WWW Security List" <WWW-SECURITY@ns2.rutgers.edu>
From: Geoffrey Leeming <geoffrey@indiciis.com>
Date: Thu, 13 Feb 1997 15:10:41 +0100
Errors-To: owner-www-security@ns2.rutgers.edu
Just to take the discussion back a few steps, last week someone mentioned
that the Quicken exploit is not that worrying, because attacks would have to
go unnoticed for a long period.
Extract from the 1996 UK Security Breaches Survey, by DTI/NCC/ICL/ITSEC:
"In some cases security incidents continued undetected over a period of
time. One incident involved the fraudulent payment of company funds into an
employee's bank account for over two years and resulted in an "immediate"
cost to the company of £650,000."
If companies who PAY people to manage their finances don't notice
unauthorised payments, what chance of the SoHo user noticing?
Geoffrey Leeming 0171 592 3007 - Office Direct Dial
Consultant 0171 836 0567 - Fax
Indicii Salus Ltd. 0956 844 168 - Mobile