Robert Hettinga (rah@shipwright.com)
Mon, 9 Mar 1998 18:07:29 -0500
--- begin forwarded text
X-Sender: rah@pop.sneaker.net
Mime-Version: 1.0
Date: Mon, 9 Mar 1998 17:37:24 -0500
To: dcsb@ai.mit.edu, dcsb-announce@ai.mit.edu
From: Robert Hettinga <rah@shipwright.com>
Subject: DCSB: Adam Shostack; No Silver Bullet -- Digital Commerce and
Payment Security
Cc: Adam Shostack <adam@homeport.org>, Jeremey Barrett <jeremey@bluemoney.com>,
"Michael S. Baum" <michael@verisign.com>
Sender: bounce-dcsb@ai.mit.edu
Precedence: bulk
Reply-To: Robert Hettinga <rah@shipwright.com>
-----BEGIN PGP SIGNED MESSAGE-----
The Digital Commerce Society of Boston
Presents
Adam Shostack
Netect, Inc.
"No Silver Bullet"
Digital Commerce and Payment Security
Tuesday, April 7, 1997
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA
The traditional threats that apply to digital commerce systems are the same
as the threats against all other commerce systems. But the communications
networks that are available to the bad guys make possible and effective
attacks that could never work before. Adam Shostack will examine some of
these new threats to electronic commerce, some of the potential solutions,
and share his vision of the future tools to protect commerce.
New attacks against commerce include the automation of knowledge. The
pickpocket of old needed to practice for years to learn how to be
effective. Today's 14 year olds can download a package with a win95
interface to exploit security holes. The nature of the internet allows
them to engage in these attacks anonymously. The anonymous nature of the
net also means that people can engage in attacks that have a very small
payoff, or a small chance of a large payoff. They also engage in attacks
for the thrill of it, costing companies trust and confidence, as well as
down time and its associated lost revenue.
New methods of dealing with the threats and problems posed by the
automation of new attacks will be required. Where 'traditional' security
measures, such as firewalls, have failed to deal with the new attacks,
there is need to try new approaches. This talk will cover the new breeds of
attack, and the new methods of building secure foundations to help busy
companies cope.
Mr. Shostack is Director of Technology for Netect, Inc, a startup making
innovative applications to help cope with the new breed of security
problems. He has extensive background in designing, implementing and
testing secure systems for clients in the medical, computer, and financial
industries. His recent public work includes 'Apparent Weaknesses in the
Security Dynamics Client Server Protocol,' 'Source Code Review Guidelines,'
and comparisons of freely available cryptographic libraries. Adam was also
one of the instructors, along with John Kelsey of Counterpane, and Gary
Howland of SecureAccounts, in Ian Goldberg's FC98 Financial Cryptography
Workshop, which was held in Anguilla in early March this year.
This meeting of the Digital Commerce Society of Boston will be held on
Tuesday, April 7, 1997, from 12pm - 2pm at the Downtown Branch of the
Harvard Club of Boston, on One Federal Street. The price for lunch is
$32.50. This price includes lunch, room rental, various A/V hardware, and
the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets
and ties for men (and no sneakers or jeans), and "appropriate business
attire" (whatever that means), for women. Fair warning: since we purchase
these luncheons in advance, we will be unable to refund the price of your
lunch if the Club finds you in violation of the dress code.
We will attempt to record this meeting for sale on CD/R, and to put it on
the web in RealAudio format, at some future date.
We need to receive a company check, or money order, (or, if we *really* know
you, a personal check) payable to "The Harvard Club of Boston", by Saturday,
April 4th, or you won't be on the list for lunch. Checks payable to
anyone else but The Harvard Club of Boston will have to be sent back.
Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston,
Massachusetts, 02131. Again, they *must* be made payable to "The Harvard
Club of Boston", in the amount of $32.50. Please include your e-mail
address, so that we can send you a confirmation
If anyone has questions, or has a problem with these arrangements (We've had
to work with glacial A/P departments more than once, for instance), please
let us know via e-mail, and we'll see if we can work something out.
Upcoming speakers for DCSB are:
May Jeremey Barrett Digital Bearer Certificate Protocols
June Michael Baum PKI and the Commercial CA
We are actively searching for future speakers. If you are in Boston on the
first Tuesday of the month, and you would like to make a presentation to the
Society, please send e-mail to the DCSB Program Commmittee, care of Robert
Hettinga, <mailto: rah@shipwright.com>.
For more information about the Digital Commerce Society of Boston, send
"info dcsb" in the body of a message to <mailto: majordomo@ai.mit.edu> . If
you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the
body of a message to <mailto: majordomo@ai.mit.edu> .
We look forward to seeing you there!
Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQEVAwUBNQRurMUCGwxmWcHhAQFLyQf9H4KUArV/SocXwK6O5aW028g2NsFUp5qU
PfZfFn+3paQrsG+9dhKAsDb+GvMYgS4ZADV+s1yZTeQjHShHST4o5WiHqOtd9ALY
nWd3F9FDngiD8LuCXXoC4Q8vLEazsFSNSXJG9tCR+OkoJgLZFM3997AO4dNPLm59
u42EAzlt435AlFFvPRiVA3mvKf2eFDbdXMiE8x3vfZvoqSYl33EVH1j4PvUr3BU4
IP01x6Ap+Cs3SBoAFb27O57X7fX6MFascwn+h6Vv/gFxnpTwRXgUK+05Hzeh/ZUf
Qe+tKR1cz1GqP7g0H9CHFLxHce0CB6f8izYhTxj6tsD6jB33aUWOFg==
=Hdoe
-----END PGP SIGNATURE-----
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe from this list, send a letter to: Majordomo@ai.mit.edu
In the body of the message, write: unsubscribe dcsb-announce
Or, to subscribe, write: subscribe dcsb-announce
If you have questions, write to me at Owner-DCSB@ai.mit.edu
--- end forwarded text
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:15:56 ADT