Home page logo
/

interesting-people logo Interesting People mailing list archives

Re: Adam Savage talks about Mythbuster attempt at RFIDa bit more on
From: David Farber <dave () farber net>
Date: Wed, 3 Sep 2008 18:57:42 -0400



Begin forwarded message:

From: Valdis.Kletnieks () vt edu
Date: September 3, 2008 6:07:22 PM EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Re: Adam Savage talks about Mythbuster attempt at RFIDa bit more on

On Wed, 03 Sep 2008 12:20:08 EDT, Tice DeYoung said:

  I never cease to be amazed by companies (and governments)  that
think they can hide the  security problems in their products and
devices by burying under injunctions, gag orders, etc. those who are
trying to expose the faults in order to make the products better and
also to help people protect their privacy, finances, et al.  Do they
really think that the black hat hackers won't find the same security
holes, but not tell anyone about them?  Will they ever learn?

More likely, they already *have* learned, and are actually following the
most reasonable course when looked at from a profit-loss standpoint.

They can invest a few hundreds of thousands of dollars a year in a legal team to send intimidating cease-and-desist letters (how much can a form letter C&D cost?), plus swallow the 0.05% or whatever fraud rate (I'm sure the RFID fraud is *swamped* by all the other identity theft channels - spyware, dumpster
diving, snail-mailbox theft, etc).

Or they can let the news get out, at which point they have to swallow
two very big costs:

1) The cost of going back and doing it *right* (or at least "more right
than last time"), which will almost certainly be higher than their current
cost.

2) The *very* high cost that the publicity will bring. Remember that the
*only* reason that the entire credit card industry works is because the
consumers *trust* it to work properly most of the time. A Visa or Mastercard
that the person doesn't trust anymore is just a piece of plastic...

Given those options, security-via-intimidation suddenly looks really good...




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault