Inherent Insecurity of Internet Commerce! (was RE: Secret Clearance)

OK, I'll try again. First, as I recall, SECRET clearance
is actually not very high: when I got it, I had to answer
a bunch of questions (do you abuse illegal drugs? are
you now or have you ever been a member of any
organizations? have you ever been _arrested_ for anything?)
and fill out some forms and get fingerprinted. They
probably did a credit check, and that was about it.
Nobody I knew got any calls asking about my habits
(that is reserved for higher clearances).

So now I'll rename the thread again: "Inherent Insecurity
of Internet Commerce" -- <sarcasm>maybe now the NYT
will feature me on the front page for "discovering" this
inherent flaw in the Internet.</sarcasm>

My purpose in renaming the thread in the first place
was to start another thread relating to the types of
security in places like, say, Netscape or Spyglass
or CyberCash or First Virtual or Interramp or any
other ISP or software company. Because I want to
know how susceptible these companies are to hiring
the wrong people.

So, here's the "bug": if some agency of crime/espionage
wants to subvert any of these systems, all they need
do is employ the same blackmail/bribe techniques
used to recruit actual spies on some employees of
these companies. They then slip in some hacked
versions of the software with the good ones, or modify
distribution servers, or slip code into servers that
forwards every tenth credit card number somewhere.
Or how about getting a janitor to plug a wireless tap
into one of the major Internet backbones to sniff for
cc#s as well as interesting e-mail?

Also, since there's enough noise here already (and
even I don't see that much crypto-relevance) I won't
post again on this topic, but I am very interested in
hearing concrete examples of how Internet companies
are protecting themselves, and also in hearing about
specific instances of security failing (e.g., has anyone
ever found a tap on a backbone?)

-Pete Loshin
[email protected]