[ISN] Cyber Fears on Fed's Web Plan
isn at c4i.org
Wed Aug 18 06:53:17 EDT 2004
Forwarded from: Eric Hacker <isn at erichacker.com>
On Mon, 16 Aug 2004 03:28:44 -0500 (CDT), InfoSec News wrote:
> With little fanfare, the Federal Reserve will begin transferring the
> nation's money supply over an Internet-based system this month - a
> move critics say could open the U.S.'s banking system to cyber
> Patti Lorenzen, a spokeswoman for the Federal Reserve, said the
> agency is taking every precaution.
> "Of course, we will not discuss the specifics of our security
> measures for obvious reasons," she said.
Hmmm. Are the reason's obvious because we are dealing with a
bureaucratic government agency that still has the bassackwards idea
that security through obscurity works?
Most security engineering is a compromise between cost and risk, and
maybe it is unwise to go into detail about those compromises (maybe
not). Regular Multi-million dollar transactions, like electronic
voting, do not fall into that category. This should be a rock solid as
AES and go through just as much public review.
More information about the ISN