Forwarded from: Eric Hacker <isn@private>

Comments inline

> http://www.theadvertiser.news.com.au/common/story_page/0,5936,8912876%255E421,00.html
>
> By Simon Atkinson and Michael Corkill
> 09 mar 04
>
> ONLINE banking in Australia was fraught with danger and "manifestly
> not suitable" for Internet transactions via the home computer, says
> leading Internet security expert, Professor Bill Caelli, AO.

It is 'experts' like Mr. Caelli that give serious InfoSec practitioners a bad name amongst business people. As illustrated below he doesn't seem to get the differences between vulnerabilities, threats, and risk.

...

> "A home PC was never designed for home banking," said Professor
> Caelli, .... "Do not use it, it's no longer safe."

Was it ever safe by his definition? Banking online is safe because the banks cannot afford to have widespread fraud or any appearance of such.

...

> "It is like telling people to stop driving their cars because the
> roads are not safe," said ABA chief executive David Bell.

Mr. Bell, a businessman, groks security better than Mr. Caelli the academic security expert.

Cars are vulnerable to all kinds of attacks. Imagine one is driving down a country road. On the side is an obviously homemade detour sign pointing down a gravel road leading into a forest. Following this road and around the bend are a bunch of thugs who will threaten the car's occupants with guns, steal the car, and leave the occupants lost in the country.

Mr. Caelli would have you believe that this is the fault of the car. Mr. Bell would be happy that everyone was safe and that one had car theft insurance. That is managing risk, not vulnerabilities.

...

> The Brisbane-based Australian Computer Emergency Response Team
> (ACERT), which handles national computer threats, said it had seen
> a steady rise in e-mail "phishing expeditions" by hackers (attempts
> to persuade consumers to click on fake web banking pages and
> thereby gain access to account information and passwords).
>
> "It is not a major problem but it is a major concern," said general
> manager Graham Ingram.

Actually, in the financial industry phishing is a major problem right now. The financial industry wants to protect the consumer and remove all the homemade detour signs to make the roads safer, but they don't own the roads and aren't allowed to touch the signs. It is often difficult to get the road crew out there to remove the detour signs.

> However Griffith University network security lecturer Dr Vallipuram
> Muthukkumarasamy said most banks would not admit being the victim
> of computer hackers.
>
> He said academics knew that "several banks have been compromised
> not only in Australia but in other countries".

If customers were unhappy with the way their money was being handled, then they'd be leaving and we'd be hearing about it. So long as the banks are absorbing the risk of online banking, then it is secure for users to do so.

Security is an absence of risk, not vulnerability.

Eric Hacker

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

This archive was generated by hypermail 2b30 : Fri Mar 12 2004 - 01:10:41 PST