Re: Cyber Fears on Fed's Web Plan

[InfoSec News <isn () c4i org>]

Forwarded from: Eric Hacker <isn () erichacker com>

On Mon, 16 Aug 2004 03:28:44 -0500 (CDT), InfoSec News wrote:
> http://www.nypost.com/business/18671.htm
>
> With little fanfare, the Federal Reserve will begin transferring the
> nation's money supply over an Internet-based system this month - a
> move critics say could open the U.S.'s banking system to cyber
> threats.

.....

> Patti Lorenzen, a spokeswoman for the Federal Reserve, said the
> agency is taking every precaution.

> "Of course, we will not discuss the specifics of our security
> measures for obvious reasons," she said.

Hmmm. Are the reason's obvious because we are dealing with a
bureaucratic government agency that still has the bassackwards idea
that security through obscurity works?

Most security engineering is a compromise between cost and risk, and
maybe it is unwise to go into detail about those compromises (maybe
not). Regular Multi-million dollar transactions, like electronic
voting, do not fall into that category. This should be a rock solid as
AES and go through just as much public review.

Eric Hacker



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/