Tweet
No, no, it's, "the Internet is as secure as it's always been!" 
Good point about availability. That's one of the three pillars of INFOSEC, the others being confidentiality and integrity. That's why it took us longer to dismantle Saddam's communications network the first time around. It was using a smaller version of the Internet, a design with resilience in mind.
However, even two-factor auth can be gotten, and it has been. At one employer, we were using SecurID, which meant PIN and the six-digit SecurID code. Something you know, something you have. We had to exchange all of our SecurID tokens for new ones after RSA had gotten pwn3d. Further, if your box is infected with a keylogger, the baddies can be in your box and have a good time as well, because once you're logged in, you generally stay logged in until there's an activity time-out.
Good point about availability. That's one of the three pillars of INFOSEC, the others being confidentiality and integrity. That's why it took us longer to dismantle Saddam's communications network the first time around. It was using a smaller version of the Internet, a design with resilience in mind.
However, even two-factor auth can be gotten, and it has been. At one employer, we were using SecurID, which meant PIN and the six-digit SecurID code. Something you know, something you have. We had to exchange all of our SecurID tokens for new ones after RSA had gotten pwn3d. Further, if your box is infected with a keylogger, the baddies can be in your box and have a good time as well, because once you're logged in, you generally stay logged in until there's an activity time-out.
Comment