[ISN] Cyber Fears on Fed's Web Plan

InfoSec News isn at c4i.org
Wed Aug 18 06:53:17 EDT 2004

Forwarded from: Eric Hacker <isn at erichacker.com>

On Mon, 16 Aug 2004 03:28:44 -0500 (CDT), InfoSec News wrote:
> http://www.nypost.com/business/18671.htm
> With little fanfare, the Federal Reserve will begin transferring the
> nation's money supply over an Internet-based system this month - a
> move critics say could open the U.S.'s banking system to cyber
> threats.


> Patti Lorenzen, a spokeswoman for the Federal Reserve, said the
> agency is taking every precaution.

> "Of course, we will not discuss the specifics of our security
> measures for obvious reasons," she said.

Hmmm. Are the reason's obvious because we are dealing with a
bureaucratic government agency that still has the bassackwards idea
that security through obscurity works?

Most security engineering is a compromise between cost and risk, and
maybe it is unwise to go into detail about those compromises (maybe
not). Regular Multi-million dollar transactions, like electronic
voting, do not fall into that category. This should be a rock solid as
AES and go through just as much public review.

Eric Hacker

More information about the ISN mailing list