Semi-Private numbers

[Dave Aitel <dave () immunityinc com>]

When something is felt to be a secret, but is really something you give
to everyone, I call it a semi-private numbers. You'll see them
everywhere, social security numbers, credit card numbers, biometrics of
all sorts, your maiden name, etc. It's weird how people get upset when
huge collections of semi-private numbers get stolen. I'm referring today
to the Global Payment compromise, but tomorrow it'll be because Trusted
Traveler got compromised or something.

When Trusted Traveler gets compromised[1] people are going to whine
about how some nefarious person has a copy of their fingerprints. But
they give out their fingerprints every time they return a glass of beer
to the local bar.

Probably it would scare people even more if they realized that any
hacker who could steal the financial data from their credit card could
also track them down in real time as they spent it. Imagine if you
Baidu'd your name, and what came back was a Russian website that listed
every piece of porn you've ever purchased. How cool would that be!

Deep down the Secret Service looking into problems like this is a
secondary tax on consumers - the easy solution is to move everyone to
mobile phone applications that digitally sign every transaction
<http://www.google.com/wallet/>, such that it can't be replayed or used
to steal any additional money. It's simple technically, and complex
politically. Like all the best security problems. :>

-dave
[1] Obviously by this I mean "When you find out about it in the news"
since it has probably already happened.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave