--- begin forwarded text X-Sender: rah@pop.sneaker.net Mime-Version: 1.0 Date: Mon, 9 Mar 1998 17:37:24 -0500 To: dcsb@ai.mit.edu, dcsb-announce@ai.mit.edu From: Robert Hettinga <rah@shipwright.com> Subject: DCSB: Adam Shostack; No Silver Bullet -- Digital Commerce and Payment Security Cc: Adam Shostack <adam@homeport.org>, Jeremey Barrett <jeremey@bluemoney.com>, "Michael S. Baum" <michael@verisign.com> Sender: bounce-dcsb@ai.mit.edu Precedence: bulk Reply-To: Robert Hettinga <rah@shipwright.com> -----BEGIN PGP SIGNED MESSAGE----- The Digital Commerce Society of Boston Presents Adam Shostack Netect, Inc. "No Silver Bullet" Digital Commerce and Payment Security Tuesday, April 7, 1997 12 - 2 PM The Downtown Harvard Club of Boston One Federal Street, Boston, MA The traditional threats that apply to digital commerce systems are the same as the threats against all other commerce systems. But the communications networks that are available to the bad guys make possible and effective attacks that could never work before. Adam Shostack will examine some of these new threats to electronic commerce, some of the potential solutions, and share his vision of the future tools to protect commerce. New attacks against commerce include the automation of knowledge. The pickpocket of old needed to practice for years to learn how to be effective. Today's 14 year olds can download a package with a win95 interface to exploit security holes. The nature of the internet allows them to engage in these attacks anonymously. The anonymous nature of the net also means that people can engage in attacks that have a very small payoff, or a small chance of a large payoff. They also engage in attacks for the thrill of it, costing companies trust and confidence, as well as down time and its associated lost revenue. New methods of dealing with the threats and problems posed by the automation of new attacks will be required. Where 'traditional' security measures, such as firewalls, have failed to deal with the new attacks, there is need to try new approaches. This talk will cover the new breeds of attack, and the new methods of building secure foundations to help busy companies cope. Mr. Shostack is Director of Technology for Netect, Inc, a startup making innovative applications to help cope with the new breed of security problems. He has extensive background in designing, implementing and testing secure systems for clients in the medical, computer, and financial industries. His recent public work includes 'Apparent Weaknesses in the Security Dynamics Client Server Protocol,' 'Source Code Review Guidelines,' and comparisons of freely available cryptographic libraries. Adam was also one of the instructors, along with John Kelsey of Counterpane, and Gary Howland of SecureAccounts, in Ian Goldberg's FC98 Financial Cryptography Workshop, which was held in Anguilla in early March this year. This meeting of the Digital Commerce Society of Boston will be held on Tuesday, April 7, 1997, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $32.50. This price includes lunch, room rental, various A/V hardware, and the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets and ties for men (and no sneakers or jeans), and "appropriate business attire" (whatever that means), for women. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your lunch if the Club finds you in violation of the dress code. We will attempt to record this meeting for sale on CD/R, and to put it on the web in RealAudio format, at some future date. We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, April 4th, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back. Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston", in the amount of $32.50. Please include your e-mail address, so that we can send you a confirmation If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out. Upcoming speakers for DCSB are: May Jeremey Barrett Digital Bearer Certificate Protocols June Michael Baum PKI and the Commercial CA We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you would like to make a presentation to the Society, please send e-mail to the DCSB Program Commmittee, care of Robert Hettinga, <mailto: rah@shipwright.com>. For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to <mailto: majordomo@ai.mit.edu> . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to <mailto: majordomo@ai.mit.edu> . We look forward to seeing you there! Cheers, Robert Hettinga Moderator, The Digital Commerce Society of Boston -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5.3 iQEVAwUBNQRurMUCGwxmWcHhAQFLyQf9H4KUArV/SocXwK6O5aW028g2NsFUp5qU PfZfFn+3paQrsG+9dhKAsDb+GvMYgS4ZADV+s1yZTeQjHShHST4o5WiHqOtd9ALY nWd3F9FDngiD8LuCXXoC4Q8vLEazsFSNSXJG9tCR+OkoJgLZFM3997AO4dNPLm59 u42EAzlt435AlFFvPRiVA3mvKf2eFDbdXMiE8x3vfZvoqSYl33EVH1j4PvUr3BU4 IP01x6Ap+Cs3SBoAFb27O57X7fX6MFascwn+h6Vv/gFxnpTwRXgUK+05Hzeh/ZUf Qe+tKR1cz1GqP7g0H9CHFLxHce0CB6f8izYhTxj6tsD6jB33aUWOFg== =Hdoe -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu In the body of the message, write: unsubscribe dcsb-announce Or, to subscribe, write: subscribe dcsb-announce If you have questions, write to me at Owner-DCSB@ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/