Question on the state of the security industry

Ian Grigg iang at systemics.com
Fri Jul 16 06:06:37 EDT 2004


Anne & Lynn Wheeler wrote:

> 1)
> Intuit warns of credit card risk
> http://news.com.com/Intuit+warns+of+credit+card+risk/2100-1029_3-5269821.html 

One could postulate that the need to
notify customers, as pushed by California's
legislature, is an example of a good state
intervention.

Securing those credit cards will now carry
with it the cost of carrying out all that
notification kerfuffle, and other incidental
liabilities.  This cost should easily outweigh
the cost of simple disk encryption systems.

> 2)
> Cyberattacks are soaring, countermeasures are sucking up tons of cash, 
> and hardware and software vendors for the most part are sitting it out, 
> *Bob Evans* says. But big customers are starting to say enough is 
> enough, so the business-technology world is about to get whirled.
> http://www.informationweek.com/story/showArticle.jhtml;jsessionid=WK0LPHXYB4YSUQSNDBGCKHY?articleID=22104612 

Bob Evans is obviously trying to introduce
people gently to the gathering storm.  Is
he a softie?  Or are his editors nervous?

He missed the big one:  class action suits.
The big firms are mulling over this phishing
thing, and they don't quite smell the blood
yet, but they feel it should be there.

If I was (insert choice list of 4 companies),
I'd be having very rapid contingency meetings
on this.  But I'm not so I don't care.  Will
Kamishlian raised the spectre in this fine
contextual history essay:

http://www.financialcryptography.com/mt/archives/000174.html

> ...................
> 
> i've been saying for some time that after market security is broken by 
> design ... it is somewhat like after market seat belts of the 60s. for 
> security to work, it has to be designed & built in from the start .... 


I think you are too kind.  Something that wasn't
designed except as a placebo for worried execs
can't really be broken.

> some relatively recent comments about after market security:
> http://www.garlic.com/~lynn/2002h.html#39 Oh, here's an interesting paper
> http://www.garlic.com/~lynn/2002p.html#27 Secure you PC or get kicked 
> off the net?
> http://www.garlic.com/~lynn/2003n.html#14 Poor people's OS?

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


