1 post • joined 25 Feb 2010
Storm, meet tea cup
Firstly, to declare my interests. I work in information security at a bank and I know the people at UK Payments (APACS).
Although I do not know who wrote the response, it was obviously from pure personal frustration at a rather improbable hack.
The thing to remember is that if you can physically break into and control a machine you can do all sorts of things.
Here's an exercise for the student: imagine a scenario in which this hack could be used. Whatever scenario you imagined, you can almost certainly think of an easier and more profitable exploit in those circumstances. (In this case the question is where is the shopkeeper? Where is the fraudster? If the shopkeeper is missing, and the fraudster is in the shop, it might be easier just to leg it with the goods).
Many people in the banking security industry do the kind of analysis which Prof Anderson's team publish - although sadly we don't often get a chance to build the toys themselves and we don't get PhDs out of it ;-) But you have to keep in mind the misuse case, the scenarios you are protecting against. This is the key to staying sane, staying focused on the important risks, and not obsessing over the wrong details.
Prof Anderson has an honorable record in defending innocent customers against the banks' technological conceits, and I expect this is part of that continuing battle. But this one is a storm in a tea cup.