jwgli...@gmail.com (John Gilmore) writes: > The scientific community made early and significant use of the DARPA > predecessor of today's Internet, and almost none of the problems that > afflict us today emerged during that period. There was no money to be > made by chicanery, and little of it therefore occurred. > > Things are now very different. The availability of millions of new > Internet dupes has spawned whole new classes of crime and greatly > facilitated others that are much older than it is.
note in the 95/96 time-frame industry presentations by online dialup consumer banking were explaining move to the internet ... in large part motivated by the large consumer support costs related to serial-port dialup modems (able to offload to ISPs). at the same time the commercial dialup banking/cash-management operations were saying that they would never move to the internet ... for a long list of vulnerabilities. late 90s, EU had FINREAD standard as countermeasure to a long list of vulnerabilities related to internet-connected desktops ... including compromised desktops. some number of vendors were pushing hardware (chip) tokens for authentication for many kinds of fraud. approx. start of the century, one of the plastic magstripe payment cards included chip in the card and provided free give-away of serial-port card readers. The enormous customer support costs associated with serial-port card readers resulted in rapidly spreading opinion in the industry that hardware tokens weren't practical in consumer market. As a result there was pullback/abandoning the consumer oriented chipcard-based programs in the industry ... including the EU FINREAD effort. We participated in after action review of the situation with some of the people in redmond ... identifying the problem was with serial-port devices ... not the chipcards. Apparently in few short years between online dial-up banking moving to internet and the give-away serial-port cardreaders, the institutional knowledge about the enormous serial-port cunsumer support costs evaporated (which also was major motivation for USB development). Along the way, the online dialup commercial banking/cash-management did move to the internet ... and the businesses have experienced all the exploits and vulnerabilities previously predicated. A number of times in the past decade, it has been recommended that businesses have a dedicated PC for online banking that is *NEVER* used for any other purpose (semi reverting to the days of online dialup banking) There has recently been a number of legal actions regarding liability for such exploits ... some number of recent posts in linkedin financial fraud on the subject: http://www.garlic.com/~lynn/2012i.html#18 Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft http://www.garlic.com/~lynn/2012i.html#32 Zeus/SpyEye 'Automatic Transfer' Module Masks Online Banking Theft http://www.garlic.com/~lynn/2012j.html#0 Federal appeal court raps bank over shoddy online security http://www.garlic.com/~lynn/2012j.html#8 Federal appeal court raps bank over shoddy online security http://www.garlic.com/~lynn/2012j.html#59 Bank Sues Customer Over ACH/Wire Fraud http://www.garlic.com/~lynn/2012j.html#72 Bank Sues Customer Over ACH/Wire Fraud http://www.garlic.com/~lynn/2012j.html#73 Is it time to consider a stand-alone PC for online banking? past posts in this thread: http://www.garlic.com/~lynn/2012j.html#83 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#84 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#87 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#88 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#89 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#90 Gordon Crovitz: Who Really Invented the Internet? http://www.garlic.com/~lynn/2012j.html#93 Gordon Crovitz: Who Really Invented the Internet? -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
