[17304] in cryptography@c2.net mail archive
Re: "SSL stops credit card sniffing" is a correlation/causality myth
daemon@ATHENA.MIT.EDU (Daniel Carosone)
Wed Jun 1 08:57:25 2005
X-Original-To: cryptography@metzdowd.com
Date: Wed, 1 Jun 2005 14:49:27 +1000
From: Daniel Carosone <dan@geek.com.au>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Ian G <iang@systemics.com>, cryptography@metzdowd.com
Mail-Followup-To: "Perry E. Metzger" <perry@piermont.com>,
Ian G <iang@systemics.com>, cryptography@metzdowd.com
In-Reply-To: <87d5r7m2xf.fsf@snark.piermont.com>
On Tue, May 31, 2005 at 06:43:56PM -0400, Perry E. Metzger wrote:
> > So we need to see a "Choicepoint" for listening and sniffing and so
> > forth.
>
> No, we really don't.
Perhaps we do - not so much as a source of hard statistical data, but
as a source of hard pain.
People making (uninformed or ill-considered, despite our best efforts
to inform) business and risk decisions seemingly need concrete
examples to avoid.
It's depressing how much of what we actually achieve is determined by
primitive pain response reflexes - even when you're in the beneficial
position of having past insistences validated by the pain of others.
> The day to day problem of security at real financial institutions is
> the fact that humans are very poor at managing complexity, and that
> human error is extremely pervasive. I've yet to sit in a conference
> room and think "oh, if I only had more statistical data", but I've
> frequently been frustrated by gross incompetence.
Amen.
--
Dan.