Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Insecurity demo theater: Tetris at the checkout

From: David Farber <dave () farber net>
Date: Fri, 5 Jan 2007 07:33:16 -0500


Begin forwarded message:

From: Ted Nelson <tandm () xanadu net>
Date: January 5, 2007 1:34:50 AM EST
To: David Farber <dave () farber net>
Cc: Ted Nelson <tandm () xanadu net>
Subject: Insecurity demo theater: Tetris at the checkout
Reply-To: tandm () xanadu net

Hi Dave--

As we've seen lately (from the kid who made fake
 boarding passes last October), you can get in a lot
 of trouble if you go demonstrating that a system
 is insecure in a politically incorrect way.

So the theatrics of such demonstrations becomes
 the new focus.

It's one thing to know what the problem is; it's another
 to demonstrate it compellingly and theatrically and
 lovably, so that even the people who don't want your
 message to get out have to smile.

One example: Feynman's dunking the O-ring in the ice water.
 Simplicity and humor made the truth impossible to evade.

And now, two guys at the Other Place (Cambridge U.),
 Saar Drimer and Steven Murdoch, have demonstrated (with
 similar simplicity and good humor) the vulnerability of the UK's
 Chip-and-Pin terminals that want a four-digit number to
 validate a credit-card purchase.  (Do you have them in the USA?)
http://www.engadget.com/2007/01/04/chip-and-pin-terminal-cant-play- doom-but-tetris-runs-just-fine/ 
and for example

http://www.emergentchaos.com/archives/2006/12/chip_pin_and_tetris.html

This shows that the way to get the public alarmed
 about the Diebold voting machine isn't any more talking-head
 gloom and doom.  Get it playing Grand Theft Auto
 at some very appropriate time.

Cheers,Ted


--
Theodor Holm Nelson
  Visiting Fellow, Oxford Internet Institute
  Visiting Professor, University of Southampton
  Founder, Project Xanadu

-------------------------------------------
-----------------------------------------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: Archives: http://archives.listbox.com/247/ 
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1788750&user_secret=f2ab41d2
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=1788750-f2ab41d2-5ucp1qnx
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: