[136] in WWW Security List Archive
re: what are realistic threats? (second issue)
daemon@ATHENA.MIT.EDU (nsyfrig@wppost.depaul.edu)
Tue Sep 27 19:54:49 1994
From: nsyfrig@wppost.depaul.edu
Date: Tue, 27 Sep 1994 15:41:10 -0600
To: dmk@allegra.att.com, www-buyinfo@allegra.att.com,
www-security@ns1.rutgers.edu, zurko@osf.org
Reply-To: nsyfrig@wppost.depaul.edu
Once you unleash something like global electronic commerce in any form,
whether it's digital-cash based or transaction-based, you are creating
probably one of the most powerful magnets in history for all the hackers,
underworld figures, disgruntled people of all types. No matter what we
do, we will most likely create one of the ultimate stress tests as a
by-product: Not only will there be an interesting challenge for humans to
solve, but there is a real chance there will be money at the other end, or
at least a sense of an adventure if they get caught before they grab the
stash. As with all new crimes, the initial people stand the best chance of
getting away with it (the first few airline hijackers had a much higher
success rate until the airport security system was put into place).
Furthermore, depending on how anything was broken, it may be possible
to create "construction kits" sort of like the computer virus construction
kits that were around for a while (and may still be there for all I know).
Even in foolproof schemes, people can get lucky.
Do we punt? No. As people have said before in here and elsewhere,
we have other mechanisms to control the situation and ensure lawyers
stay employed. We just need to make sure we keep as many people as
honest as we can.
Nathan Syfrig
