From the course: Threat Modeling: Spoofing In Depth
Attacking what you have
From the course: Threat Modeling: Spoofing In Depth
Attacking what you have
- Attacks on what you have are fairly simple and often easy, especially compared to attacks on other factors. An announcement that Adam Shostack needs to return to the airport security checkpoint happens because I've left my wallet or ID full of things I used to have. We've all seen cartoons where a prisoner tries to get the sheriff's dog to trade the key to the cell for a tasty bone. What you have can be a nifty little dongle, a keyring worth of them, or a badge. I can steal that dongle. I can take pictures of your badge and print my own. I can buy a uniform on the internet. I can go after a specific authentication key or anyone that will get me in. Sometimes the attacker targets a person, sometimes they target any person. Not only can I steal it, you can lose what you have, you can drop it in the, um, ocean, leave it behind when you travel, run down the battery, or get it confused with someone else's. The object you have goes wrong two ways, people lose things and things get stolen. Both make it a poor choice as your only means of authentication.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.