Comments: Paypal -- Practical Approaches to Phishing -- open white paper

majority of the information involved in the naked transaction metaphor has additional issues. This is the kindergarten security 101 theme related to security proportional to risk.

a couple recent posts
http://www.garlic.com/~lynn/aadsm28.htm#60 Seeking expert on credit card fraud prevention - particularly CNP/online transactions
http://www.garlic.com/~lynn/aadsm28.htm#64 Seeking expert on credit card fraud prevention - particularly CNP/online transactions

a large amount of the information subject to common leakage/breaches (resulting in fraudulent activity) is worth upwards of one hundred times more to the attackers than the typical value to the defenders. the result is that frequently the attackers can afford to spend 100 times more than the defenders can afford to spend. older post discussing the subject
http://www.garlic.com/~lynn/2001h.html#61

the solution to naked transaction metaphor includes changing the paradigm ... both armoring the transaction as well as eliminating the value of the information to the attacker (since in the current paradigm ... that the attacker will always have the incentive to significantly outspend the defender).

Posted by Lynn Wheeler at April 22, 2008 05:15 PM

I came to distrust the laptop or PC many years ago and see nothing to change my mind. I use it as a communication tool and to make pretty pictures and documents. In fact, Microsoft hasn't done anything for me since the 1980s. In fact, their contributions, along with the rest of the software industry, have been nothing but fighting with each other over how to extract the most rents by blocking the public from gaining communication or applications we could have built years ago for ourselves.

I've come to conclude, years ago, there's not going to be reliable or private communication over the Internet until the public is allowed to have a secure computer of some sort.

For starters it would be nice to have a hardened device that can at least send and receive small text messages, with some kind of reliable encryption and signatures. Among other things this would allow us to sign contracts, buy and sell, and vote in polls and elections. It would allow persistent reputation to begin to emerge.

I just cannot help but view all these phishing problems, and the deliberately inadequate solutions, with disdain.... I could be wrong, but after the last 20 years, I'm kind of getting the message that the powers that be don't want us to be able to use general computing and communication at all. They just want us dumb, barefoot and pregnant, working at our workstations in large, centralized corporations, for subsistence wages.

Posted by Todd Boyle at April 26, 2008 07:42 PM

It seems PayPal is working through very serious security bugs, and refuses to roll back.
http://www.theregister.co.uk/2008/05/27/paypal_glitch_weighs_on_merchants/

Today I saw a live demo of an XSRF attack; I would guess it is something serious like that that makes them shut down an important functionality of their system.

Posted by Matthias Subik at May 27, 2008 06:00 PM