[152] in WWW Security List Archive
Re: what are realistic threats
daemon@ATHENA.MIT.EDU (Nick Szabo)
Wed Sep 28 20:59:03 1994
From: szabo@netcom.com (Nick Szabo)
To: hallam@dxal18.cern.ch
Date: Wed, 28 Sep 1994 09:54:30 -0700 (PDT)
Cc: dmk@allegra.att.com, www-buyinfo@allegra.att.com,
www-security@ns1.rutgers.edu
In-Reply-To: <9409281519.AA19356@dxal18.cern.ch> from "hallam@dxal18.cern.ch" at Sep 28, 94 04:19:11 pm
Reply-To: szabo@netcom.com (Nick Szabo)
Phill:
> It is not a question of the amount of money at stake, the real danger
> comes from people who do not have monetary motivation, the terrorist
> and the like.
Do you have any statistics to back this up? I claim (with equal
amount of evidence :-) that the amount terrorism that impacts
electronic commerce (including $trillions per month in curency
trading, POS, credit card authorization, etc.) is infinitesimal
compared with the amount of fraud and theft perpetrated for personal
gain. I would rank the terrorist threat to Internet commerce as
completely ignorable. Well, I can think of one truly idiotic setup
that would make us vulnerable to terrorism, namely a single-rooted
certification heirarchy. That kind of vulnerability is easy
to avoid.
This invocation of terrorism is another symptom of computer
security folks still fighting the Cold War rather than looking
to solve the problems of electronic commerce. Use of Internet
resources to engage in terrorism, just as terrorists might use phones,
faxes, etc., might happen one day, but that has nothing to do with
the problems of Internet commerce.
Nick Szabo szabo@netcom.com
