Re: security on the web

> > It is my understanding that concerns about security on the web are much
> > exaggerated.  Think of all the people who feel comfortable giving their
> > credit card number over the phone -- even cordless phones.  This method of
> > transmission can be intercepted by just about anyone willing to invest a
> > small amount of money in the necessary technology.
> I can't entirely agree. Snooping credit card numbers going
> to a web server isn't much different from snooping passwords
> on a local net. It's more involved as far as picking the right
> machines to break into but that's the only difference.

I think she's still right - the technology required to snoop credit card
numbers off a web server is noticably newer (and hence less obtainable) than
the technology required to snoop credit card numbers off a hotels phone

> That said, I do agree that card numbers in the clear are
> about as safe as handing some random waiter your credit
> card. Rarely is this a problem.

Or about as safe as reading it to a hotel clerk over a phone line. Both are
reasonably safe, and the issue is really one of perception. It's fairly
well documented that people's perception of risk is pretty much unrelated to
the reality of the risk. The press has turned "hackers" into a scare word,
so people are afraid of trusting computers and networks with sensitive
information. The perception has to be changed. Changing the reality - no matter
how minor a change - can do the trick if the PR is handled properly.

> But, since we can easily protect this information from attacks that
> are reasonably likely to occur, we should. It would be
> irresponsible not to.

As someone trying to deal with the issue of exporting crypto from the US, I'd
debate the word "easily". The technology is easy - but so is the technology
to protect voice lines. The politics is hard in both cases; just different.


Received on Monday, 12 May 1997 14:51:38 UTC