"SSL stops credit card sniffing" is a correlation/causality myth

Perry E. Metzger perry at piermont.com
Wed Jun 1 08:04:18 EDT 2005


Daniel Carosone <dan at geek.com.au> writes:
> On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
>> > So we need to see a "Choicepoint" for listening and sniffing and so
>> > forth.
>> 
>> No, we really don't.
>
> Perhaps we do - not so much as a source of hard statistical data, but
> as a source of hard pain.

That might not be such a bad thing. Object lessons have a way of
whipping people into shape. A few more heads rolling might convince
others that security isn't optional.

In the late 1960s, several major brokerage firms went under because
they didn't have their accounting systems sufficiently automated. The
business people thought of I.T. as a necessary evil
rather than as the backbone of their business, and they paid the
price.

At intervals, business gets major accounting scandals, about every 20
to 40 years when people forget about the last set. I suspect
I.T. crises are similar. It has been so long since the last one
happened in the financial industry that the institutional memory of it
is now gone, so we're ripe for another.

It is my prediction that we will, in the next five years, get the
failure of a couple of international financial institutions because of
insufficient attention to systems security, again because there are a
few executives in the business who do not understand that I.T. is not
an expense that needs managing but rather the nervous system of the
company.

> People making (uninformed or ill-considered, despite our best efforts
> to inform) business and risk decisions seemingly need concrete
> examples to avoid.

Indeed.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


