Re: [ISN] Signs of Insecurity in Cyberspace - Analysis

From: mea culpa (jerichot_private)
Date: Sun Jul 05 1998 - 22:07:16 PDT

    Reply From: Chris Wilson <cmw32t_private>
    
    > Reply From: Matthew Patton <pattont_private>
    > 
    > we've done really is exchange a physical representation of money into an
    > electronic one. None of the long established banking mechanisms has changed
    > in any significant way. If you are doing bank to bank transfers, you
    > simply move the digital coins to the other end, making sure you delete them
    > out of your vault. Otherwise you could have 2 different banks/entities both
    > claiming to have possession of the same coin. As we all know, computer
    > snafus aren't exactly rare events.
    
    There's a problem with this, though. Electronic coinage can be copied
    directly as a series of bytes. Physical coinage includes the defense
    measures you stated earlier as protection against one-for-one copying.
    What's to stop someone literally pulling an electronic coin off their own
    smartcard and putting ten identical ones back? If he spends them at
    different locations and different times then there is no immediate way to
    tell that they are counterfeit. One possibility would be to contact the
    bank and ask if they will accept the coin (which they would presumably do
    only if they didn't already have a copy of it), but that leaves the way
    open for a denial of service attack where you can "steal" random people's
    money by paying the equivalent e-coins into your own bank account first.
    When the real owners try to pay their money in, the bank will see that they
    already have those coins and dismiss the real versions as fakes.
    
    Perhaps it would help if only banks and authorised retailers had the keys
    which could unlock the crypto layer of a person's smart card to download
    the e-coins, but this only makes fraud slightly harder, not impossible.
    I've been thinking about this problem for a while and I still haven't come
    up with a better solution than this.
    
    > It is by caffeine alone I set my mind in motion, it is by the beans of Java
    > that thoughts acquire speed, the hands acquire shaking, the shaking becomes
    > a warning, it is by caffeine alone I set my mind in motion.
    
    That's by far the coolest signature I've seen in a long time. =D
       ___ __     _  
     /'__// / ,__(_)_ Wilson <Chris.Wilsont_private>
    / (_ / ,\/ _/ /_ \ Webmaster/SysAdmin/Timelord/BOFH/Programmer
    \__//_/_/_//_/___/ "1998 isn't MCMXCVIII. The Romans would have used MIIM"
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:01 PDT
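
The deposit-time check discussed in the message above, as an added example that is not part of the original post or of any real e-cash system. The `Bank` class, its method names and the use of an HMAC tag to stand in for the bank's mark on a coin are assumptions made for illustration. It shows that a spent-serial list catches the duplicate but credits whoever deposits first.

```python
import hashlib
import hmac
import os


class Bank:
    """Toy issuer (hypothetical): a coin is serial || HMAC(bank_key, serial)."""

    def __init__(self):
        self._key = os.urandom(32)   # bank's secret issuing key
        self._spent = {}             # serial -> account that deposited it first
        self.balances = {}

    def issue(self):
        serial = os.urandom(16)
        tag = hmac.new(self._key, serial, hashlib.sha256).digest()
        return serial + tag          # a bearer coin is only bytes, so it copies freely

    def deposit(self, account, coin):
        serial, tag = coin[:16], coin[16:]
        expected = hmac.new(self._key, serial, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: forged"
        if serial in self._spent:
            # The bank knows the serial was seen before, but nothing in the
            # coin says which depositor was the rightful holder.
            return "rejected: already deposited"
        self._spent[serial] = account
        self.balances[account] = self.balances.get(account, 0) + 1
        return "accepted"


def demo():
    bank = Bank()
    coin = bank.issue()              # constructed sample: withdrawn by the owner
    copy = bytes(coin)               # byte-for-byte duplicate of the same coin
    results = {
        "copy_first": bank.deposit("copier", copy),
        "owner_later": bank.deposit("owner", coin),
        "random_bytes": bank.deposit("copier", os.urandom(48)),
    }
    return bank, results


if __name__ == "__main__":
    bank, results = demo()
    for name, outcome in results.items():
        print(name, "->", outcome)
    print("balances:", bank.balances)
```

The authenticity check rejects invented coins, and the spent list rejects the second copy, but the outcome depends only on deposit order, which is the weakness the message describes.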