"SSL stops credit card sniffing" is a correlation/causality myth

Daniel Carosone dan at geek.com.au
Wed Jun 1 00:49:27 EDT 2005


On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
> > So we need to see a "Choicepoint" for listening and sniffing and so
> > forth.
> 
> No, we really don't.

Perhaps we do - not so much as a source of hard statistical data, but
as a source of hard pain.

People making (uninformed or ill-considered, despite our best efforts
to inform) business and risk decisions seemingly need concrete
examples to avoid.

It's depressing how much of what we actually achieve is determined by
primitive pain response reflexes - even when you're in the beneficial
position of having past insistences validated by the pain of others.

> The day to day problem of security at real financial institutions is
> the fact that humans are very poor at managing complexity, and that
> human error is extremely pervasive. I've yet to sit in a conference
> room and think "oh, if I only had more statistical data", but I've
> frequently been frustrated by gross incompetence.

Amen.

--
Dan.