From: Adam Shostack <adam@homeport.org>
To: declan@well.com (Declan McCullagh)
Message Hash: 1b3c6a4ecb88b03dcd04d0531d4ed3b0a7285953b3b880f5eb8a72b88d10a0cc
Message ID: <199707180310.XAA23878@homeport.org>
Reply To: <Pine.GSO.3.95.970717183258.19394c-100000@well.com>
UTC Datetime: 1997-07-18 03:25:04 UTC
Raw Date: Fri, 18 Jul 1997 11:25:04 +0800
From: Adam Shostack <adam@homeport.org>
Date: Fri, 18 Jul 1997 11:25:04 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: ESPN hacked -- got info? (fwd)
In-Reply-To: <Pine.GSO.3.95.970717183258.19394c-100000@well.com>
Message-ID: <199707180310.XAA23878@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain
Strong crypto is useful not in building a web site, but in
providing an infrastructure that resists stupidity better.
For example, when you telnet or ftp, your password goes in a
sniffable cleartext format. When you send mail, it traverses the net
in the clear, and is stored in the clear. If crypto was widely
deployed, the sensitive information people send in the clear would be
protected.
Locking the barn after the horses are gone is not nearly as
useful as ubiquitous locks.
Adam
Declan McCullagh wrote:
| ---------- Forwarded message ----------
|
| Declan --
|
| Do you have any information about the ESPN/SportZone web site store being
| hacked? Or a contact? The pro-crypto folks on the Hill are quite
| interested to know if 1) this site was using encryption before being hacked
| and 2) what type of encryption they are using now (one of the press stories
| noted that crypto was one of the security measures implemented after the
| hacking).
|
| I realize this was probably an inside job, but it's good fodder for the
| Hill. Any insight you might have -- or other examples -- would be great.
|
| Thanks in advance.
|
|
--
He has erected a multitude of new offices, and sent hither swarms of
officers to harrass our people, and eat out their substance.
Return to July 1997
Return to “Declan McCullagh <declan@well.com>”