Just as an indication of how heavy this identity crisis
is (and even I wonder how much hotter it will get...)
over at news.google.com, you can see the counts
of the number of articles. Mastercard is about 6th
in the rankings, well behind 2 sports events, and
narrowly behind 3 other real news stories.
The security / data / identity crisis has spawned
over 1000 news articles just on this Mastercard thing
(most of them are the same, but consider that 1000
editors across the world decided this was news).
Seen on slashdot:
there are some numbers hackers can't steal
for everything else there's MasterCard
(Accepted all over, even if it's not yours.)
That all pours into the whole debate - sure it doesn't
*directly* relate to the work of browser manufacturers,
but indirectly it's about as related as it can get - it's
the *same data*. So today, this story is the 6th most
important on the planet. And the 4th if we ignore the
sports.
Also on slashdot:
Interest rate: 20%
Annual Fee: $40
Randomly being declined because the
machine is on the fritz: $1-$1000 purchase down the drain.
Being the target of fraud through no fault of your own: Priceless.
Every day on a quiet day there are dozens of articles
on phishing, and maybe a hundred on the whole field
of identity theft. I don't read any of them... Today's
daily finance/security feed just goes for pages and
pages on the same thing - mastercard, phishing,
identity, trojans, etc etc. But most days there are at
least 20 or so stories, in the feed that I get.
It's actually quite difficult to overrate the importance
of this issue. This is our field and the journos are into
hype mode over it. The security companies are all
scrambling around looking for a 'solution' to sell. The
lawyers are slobbering at the potential liability for the
big corps. The security experts are running for cover.
The banks are looking for a scapegoat and the regulators
are looking for blood. Or is it the other way around?
iang
--
Advances in Financial Cryptography, Issue 1:
https://www.financialcryptography.com/mt/archives/000458.html
Daniel Nagy, On Secure Knowledge-Based Authentication
Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products
Ian Grigg, Pareto-Secure
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
