Schneier on Smartcards and Holding Secrets
Bruce wrote a short letter to a trade mag (Internet world? I've lost it since) worth reporting. The jist was, if a smartcard contains Bank Secrets but is held by customers which do not share the same goals/responsibility as the owner of the secrets, this is *poor security design*. ------------------------------------------------------------ David Honig Orbit Technology honig@otc.net Intaanetto Jigyoubu "I actually thought Silicon Valley was where women went to get fixed." ---LA Mayor Richard Riordan 98.02.19
David Honig wrote:
Bruce wrote a short letter to a trade mag (Internet world? I've lost it since) worth reporting. The jist was, if a smartcard contains Bank Secrets but is held by customers which do not share the same goals/responsibility as the owner of the secrets, this is *poor security design*.
LEA's in Montreal (?) just raided a place churning out a wide variety of Lucky Green Freelance Socialist Smartcards (TM). It seems that the Electronic Horatio Algers involved simply bought the same type of equipment that banks,etc., use, and placed hidden cameras in business areas where charge/debit cards were used. The LEAs spoke about millions of dollars worth of fraud, but I don't think they were including possible losses by secret government agencies skimming private funds for black-bag jobs and illegal arms deals. The 'criminals' will probably turn out to be ex-employees of the Oliver North Campaign Fund Drive. Toto
On Mon, 27 Apr 1998, David Honig wrote:
Bruce wrote a short letter to a trade mag (Internet world? I've lost it since) worth reporting. The jist was, if a smartcard contains Bank Secrets but is held by customers which do not share the same goals/responsibility as the owner of the secrets, this is *poor security design*.
No kidding. Duh. -- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred. "Tonga? Where the hell is Tonga? They have Cypherpunks there?"
Lucky Green wrote: | On Mon, 27 Apr 1998, David Honig wrote: | | > | > Bruce wrote a short letter to a trade mag (Internet world? I've | > lost it since) worth reporting. The jist was, if a smartcard | > contains Bank Secrets but is held by customers which do not | > share the same goals/responsibility as the owner of the secrets, this is | > *poor security design*. | | No kidding. Duh. I make this point by saying 'if the smartcard is my agent, its useful. If its the bank's agent--well, its under my complete control, isn't it?' Adam -- Just be thankful that Microsoft does not manufacture pharmaceuticals.
participants (4)
-
Adam Shostack -
David Honig -
Lucky Green -
Toto