Firewalls: Re: security policy

Firewalls
(November 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: security policy
From:	Nick Di Giovanni <U953001 @ RUTADMIN . Rutgers . Edu>
Date:	Fri, 17 Nov 95 09:40 EST
To:	Firewalls Discussion List <FIREWALLS @ GREATCIRCLE . COM>

Dermot Tynan writes:

>If you take something like SecurID, and their handheld time-based
>authentication units, if you knew the algorithm and serial number
>involved, you could possibly predict the next number.

Whoa!  What a minute!   Please don't drop something like this statement and
leave it without any clarification and supporting information.  What serial
number are you referring to?  What evidence do you have to prove this
exposure exists?

I've heard vague rumors about this type of weakness in SecurID but everytime
I ask for specifics the person touting the exposure is unable to support it.
Please, if you know something for sure then I'm all ears.

Regards,
Nick Di Giovanni
IS Audit Manager
Rutgers University

Follow-Ups:

Re: security policy
From: Dermot Tynan <dtynan @ fws . ilo . dec . com>

Indexed By Date	Previous:	Mbone seminar 21st Nov 16:15UTC: FIREWALLS AS A NETWORK SECURITY TOOL From: Piete Brooks <Piete . Brooks @ cl . cam . ac . uk>
Indexed By Date	Next:	Stop me Now! From: bmanning @ ISI . EDU
Indexed By Thread	Previous:	Re: security policy From: Dermot Tynan <dtynan @ fws . ilo . dec . com>
Indexed By Thread	Next:	Re: security policy From: Dermot Tynan <dtynan @ fws . ilo . dec . com>