- From: Mike Meyer <mwm@contessa.phone.net>
- Date: Mon, 12 May 1997 11:44:36 PST
- To: www-talk@w3.org
> > It is my understanding that concerns about security on the web are much > > exaggerated. Think of all the people who feel comfortable giving their > > credit card number over the phone -- even cordless phones. This method of > > transmission can be intercepted by just about anyone willing to invest a > > small amount of money in the necessary technology. > I can't entirely agree. Snooping credit card numbers going > to a web server isn't much different from snooping passwords > on a local net. It's more involved as far as picking the right > machines to break into but that's the only difference. I think she's still right - the technology required to snoop credit card numbers off a web server is noticably newer (and hence less obtainable) than the technology required to snoop credit card numbers off a hotels phone lines. > That said, I do agree that card numbers in the clear are > about as safe as handing some random waiter your credit > card. Rarely is this a problem. Or about as safe as reading it to a hotel clerk over a phone line. Both are reasonably safe, and the issue is really one of perception. It's fairly well documented that people's perception of risk is pretty much unrelated to the reality of the risk. The press has turned "hackers" into a scare word, so people are afraid of trusting computers and networks with sensitive information. The perception has to be changed. Changing the reality - no matter how minor a change - can do the trick if the PR is handled properly. > But, since we can easily protect this information from attacks that > are reasonably likely to occur, we should. It would be > irresponsible not to. As someone trying to deal with the issue of exporting crypto from the US, I'd debate the word "easily". The technology is easy - but so is the technology to protect voice lines. The politics is hard in both cases; just different. <mike
Received on Monday, 12 May 1997 14:51:38 UTC