Forwarded from: Eric Hacker <isn@private> On Mon, 16 Aug 2004 03:28:44 -0500 (CDT), InfoSec News wrote: > http://www.nypost.com/business/18671.htm > > With little fanfare, the Federal Reserve will begin transferring the > nation's money supply over an Internet-based system this month - a > move critics say could open the U.S.'s banking system to cyber > threats. ..... > Patti Lorenzen, a spokeswoman for the Federal Reserve, said the > agency is taking every precaution. > "Of course, we will not discuss the specifics of our security > measures for obvious reasons," she said. Hmmm. Are the reason's obvious because we are dealing with a bureaucratic government agency that still has the bassackwards idea that security through obscurity works? Most security engineering is a compromise between cost and risk, and maybe it is unwise to go into detail about those compromises (maybe not). Regular Multi-million dollar transactions, like electronic voting, do not fall into that category. This should be a rock solid as AES and go through just as much public review. Eric Hacker _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 04:34:15 PDT