[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ISN] Cyber Fears on Fed's Web Plan
Forwarded from: Eric Hacker <isn@xxxxxxxxxxxxxx>
On Mon, 16 Aug 2004 03:28:44 -0500 (CDT), InfoSec News wrote:
> With little fanfare, the Federal Reserve will begin transferring the
> nation's money supply over an Internet-based system this month - a
> move critics say could open the U.S.'s banking system to cyber
> Patti Lorenzen, a spokeswoman for the Federal Reserve, said the
> agency is taking every precaution.
> "Of course, we will not discuss the specifics of our security
> measures for obvious reasons," she said.
Hmmm. Are the reason's obvious because we are dealing with a
bureaucratic government agency that still has the bassackwards idea
that security through obscurity works?
Most security engineering is a compromise between cost and risk, and
maybe it is unwise to go into detail about those compromises (maybe
not). Regular Multi-million dollar transactions, like electronic
voting, do not fall into that category. This should be a rock solid as
AES and go through just as much public review.
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/