1996-07-18 - Re: Cybank breaks new ground; rejects public-key encryption

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Jüri Kaljundi <jk@stallion.ee>
Message Hash: ec7c42157be0d70e62560c0ad34ccf13765d9ea96f9bc84733275ecc18d3d522
Message ID: <199607181605.MAA02021@jekyll.piermont.com>
Reply To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
UTC Datetime: 1996-07-18 20:29:27 UTC
Raw Date: Fri, 19 Jul 1996 04:29:27 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Jul 1996 04:29:27 +0800
To: Jüri Kaljundi <jk@stallion.ee>
Subject: Re: Cybank breaks new ground; rejects public-key encryption
In-Reply-To: <Pine.GSO.3.93.960718180020.10966B-100000@nebula.online.ee>
Message-ID: <199607181605.MAA02021@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Jüri Kaljundi writes:
> There must be something wrong with bank people all over the world. One
> local bank that now is offering payments using their WWW server here in
> Estonia, and every time I publicly announce some security flaw in their
> system, I have to convince them this bug really exists, they never want to
> believe me.

I would suggest a much simpler technique.

Explain to them the next time you point out a flaw, that you will be
explaining these flaws by publishing exploits in the local newspaper,
and that all future flaws will be explained in the newspapers until
such time as they begin to take you seriously.

> What might be a good reward for hacking into an Internet bank and
> showing I can steal their money?

Don't bother. Just describe the flaws in public enough, and then you
have no risk because you are not committing a crime, and you have a
gain because you get an increase in your reputation for supplying
accurate information.

Perry




