1 post • joined 25 Feb 2010
Storm, meet tea cup
Firstly, to declare my interests. I work in information security at a bank and I know the people at UK Payments (APACS).
Although I do not know who wrote the response, it was obviously from pure personal frustration at a rather improbable hack.
The thing to remember is that if you can physically break into and control a machine you can do all sorts of things.
Here's an exercise for the student: imagine a scenario in which this hack could be used. Whatever scenario you imagined, you can almost certainly think of an easier and more profitable exploit in those circumstances. (In this case the question is where is the shopkeeper? Where is the fraudster? If the shopkeeper is missing, and the fraudster is in the shop, it might be easier just to leg it with the goods).
Many people in the banking security industry do the kind of analysis which Prof Anderson's team publish - although sadly we don't often get a chance to build the toys themselves and we don't get PhDs out of it ;-) But you have to keep in mind the misuse case, the scenarios you are protecting against. This is the key to staying sane, staying focused on the important risks, and not obsessing over the wrong details.
Prof Anderson has an honorable record in defending innocent customers against the banks' technological conceits, and I expect this is part of that continuing battle. But this one is a storm in a tea cup.