          The Digital Commerce Society of Boston


                     Chris Wysopal
                 L0pht Heavy Industries

        Client Security: You've got armored trucks,
             but what about the pick pockets?

                Tuesday, May 4th, 1999
                       12 - 2 PM
           The Downtown Harvard Club of Boston
              One Federal Street, Boston, MA

Everyone in ecommerce these days is peddling better vaults for stores and
stronger armored cars to deliver payments and merchandise. Does this
really matter in an Internet world where you can pick the pocket of a
consumer? Or more likely, to automate the pocket picking of a large
number of consumers.

Current authentication and purchasing systems rely on consumers using off
the shelf operating systems such as windows 95/98.  This is the operating
system which Microsoft has admitted to having no security model.  Current
ecommerce client security is layering strong encryption on this bed of

What are some of the attacks that are being used?  What technology can
be used to overcome this problem?

Chris Wysopal has a computer engineering degree from Rensselaer
Polytechnic Institute, but almost all of what he knows about computer
security he has learned from his exploration of computers as a hacker for
the past 15 years.  As an associate of L0pht Heavy Industries he has
worked to expose the "snake oil" in the computer security industry and
tried to make the general public aware of the just how fragile the
internet and security products are.  Last May he testified as a computer
security expert before the Senate Governmental Affairs Committe and has
appeared on several TV documentaries and news programs, including the BBC,
CBC, ZDTV, FOX News, and The Jim Lehrer News Hour.

This meeting of the Digital Commerce Society of Boston will be held
on Tuesday, May 4, 1999, from 12pm - 2pm at the Downtown Branch of
the Harvard Club of Boston, on One Federal Street. The price for
lunch is $32.50. This price includes lunch, room rental, various A/V
hardware, and the speakers' lunch.  The Harvard Club *does* have
dress code: jackets and ties for men (and no sneakers or jeans), and
"appropriate business attire" (whatever that means), for women.  Fair
warning: since we purchase these luncheons in advance, we will be
unable to refund the price of your lunch if the Club finds you in
violation of the dress code.

We need to receive a company check, or money order, (or, if we
*really* know you, a personal check) payable to "The Harvard Club of
Boston", by Saturday, May 1st, or you won't be on the list for
lunch.  Checks payable to anyone else but The Harvard Club of Boston
will have to be sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The
Harvard Club of Boston", in the amount of $32.50. Please include your
e-mail address, so that we can send you a confirmation

If anyone has questions, or has a problem with these arrangements
(We've had to work with glacial A/P departments more than once, for
instance), please let us know via e-mail, and we'll see if we can
work something out.

Upcoming speakers for DCSB are:

June    Ron Rivest     MIT       Deep Crack = MicroMint?
July    TBA

We are actively searching for future speakers.  If you are in Boston
on the first Tuesday of the month, and you are a principal in digital
commerce, and would like to make a presentation to the Society,
please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, <mailto: [EMAIL PROTECTED]>.

For more information about the Digital Commerce Society of Boston,
send "info dcsb" in the body of a message to <mailto:
[EMAIL PROTECTED]> . If you want to subscribe to the DCSB e-mail
list, send "subscribe dcsb" in the body of a message to <mailto:

We look forward to seeing you there!

