Dailydave mailing list archives
Semi-Private numbers
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 02 Apr 2012 11:45:16 -0400
When something is felt to be a secret, but is really something you give to everyone, I call it a semi-private numbers. You'll see them everywhere, social security numbers, credit card numbers, biometrics of all sorts, your maiden name, etc. It's weird how people get upset when huge collections of semi-private numbers get stolen. I'm referring today to the Global Payment compromise, but tomorrow it'll be because Trusted Traveler got compromised or something. When Trusted Traveler gets compromised[1] people are going to whine about how some nefarious person has a copy of their fingerprints. But they give out their fingerprints every time they return a glass of beer to the local bar. Probably it would scare people even more if they realized that any hacker who could steal the financial data from their credit card could also track them down in real time as they spent it. Imagine if you Baidu'd your name, and what came back was a Russian website that listed every piece of porn you've ever purchased. How cool would that be! Deep down the Secret Service looking into problems like this is a secondary tax on consumers - the easy solution is to move everyone to mobile phone applications that digitally sign every transaction <http://www.google.com/wallet/>, such that it can't be replayed or used to steal any additional money. It's simple technically, and complex politically. Like all the best security problems. :> -dave [1] Obviously by this I mean "When you find out about it in the news" since it has probably already happened.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Semi-Private numbers Dave Aitel (Apr 02)
- Re: Semi-Private numbers Michal Zalewski (Apr 03)
- Re: Semi-Private numbers Anton Chuvakin (Apr 05)
- Re: Semi-Private numbers Michal Zalewski (Apr 03)