RE: photuris-06.txt

[Hilarie Orman <ho@cs.arizona.edu>]

> But it does seem that many of those threat models
> are far more concerned about "internal" attacks, i.e., attacks from
> users with enough authority to obtain some access to the system
> but who are not specifically authorized to access the data in question.
> Is this true?

> If so, I'd posit that in the commercial world this isn't as often the
> case.  

I think the military may have had the lead in defining a formal
policy, but the problem is as old as commerce itself* --- you might
hear about it as "embezzlement" or "rogue trading" or "white collar
computer crime", but the internal problems cost companies more than
the external ones, I'll bet.

* E.g., Phoenician traders used to store tokens in sealed clay containers to
be used as signed bills of lading, carried by sea captains to distant
merchants.

Does this mean Photuris should worry about it?  Don't know, it's all
Greek to me.

---

References:

• RE: photuris-06.txt
• From: Phil Karn <karn@qualcomm.com>

---

• Prev by Date: RE: photuris-06.txt
• Next by Date: RE: photuris-06.txt
• Prev by thread: RE: photuris-06.txt
• Next by thread: RE: photuris-06.txt
• Index(es):
  • Main
  • Thread