Firewalls: Re: VNPs and things --

Firewalls
(April 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: VNPs and things --
From:	Chris Woods <cjwoods @ Paladin . COM>
Organization:	Paladin Computing Solutions, Inc.
Date:	Wed, 24 Apr 1996 12:36:02 -0400
To:	mjr @ v-one . com
Cc:	Firewalls @ GreatCircle . COM
References:	<199604220620 . CAA08465 @ clark . net>

Marcus J. Ranum wrote:

[...]

> logistics(!) bank transactions, stock trades -- all manner of
> completely, mind-bogglingly scary stuff. But it's OK because
> it hasn't made the New York Times. Yet.
> 
>         Perhaps the security model of the future is the
> "school of fish" technology. Assume that if all the fish
> "just do it" a few will get snapped up and eaten but the
> vast majority will continue to cheerfully swim and spawn
> and be happy. Come to think of it, that's the "security
> model" for credit cards. I'm getting cynical in my old
> age, aren't I?

This is a conclusion I came to a long time ago, but without any studies
to back up my theories. ;-)

I have actually always believed that for most people, performing a
financial transaction (credit card-based, especially) is actually more
secure over the Internet than what people are used to today. You go to
the store to buy a pair of jeans. This store is not the most
technologically advanced place in the world, and they still have those
little sliding things to process your credit card info. The clerk puts
your credit card in the machine, slides the thingy over it (highly
techno-dweeb jargon here, folks), pulls the useful papers out, and
throws the carbon in the trash, with your credit card information on it.

I know many, many people who place telephone orders for goods and/or
services on their cordless phones. Anyone with a basic police scanner
knows how easy it is to listen in on cordless phone conversations within
a range of, say, 1/2 mile or so.

But this stuff isn't getting any attention in
[name-your-favorite-periodical-or-tv-news-program-here]. That's because
it's commonplace, people don't care, it isn't sensational, it doesn't
make for an interesting story, advertisers don't pay for ad space in the
show that airs that story, etc...

This is not to say that I believe that we all ought to throw in the
towel. After all, if it weren't for all that media coverage (however
justified it may be) many of the readers of this list would not be so
secure in their chosen professions.

	-cjw

References:

Re: VNPs and things --
From: "Marcus J. Ranum" <mjr @ clark . net>

Indexed By Date	Previous:	Re: configuring a firewall with firewall1 From: Don Pollock - Omnes - Engineering <pollock @ houston . omnes . net>
Indexed By Date	Next:	Any sites for DBMS/firewalls/security ?? From: shishir+email @ ftp . com
Indexed By Thread	Previous:	Re: VNPs and things -- From: "Marcus J. Ranum" <mjr @ clark . net>
Indexed By Thread	Next:	Re: VNPs and things -- From: Michael Morse <mmorse @ nsf . gov>