[LINK] RFC No. 2: A reductio ad absurdum?
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Apr 2 16:12:16 AEST 2007
In writing the conclusions from one section of the submission to
ASIC, I've come up with this attempt to show how silly the situation
is.
In trying to be brief and clear, have I become technically incorrect?
Or lapsed into unjustifiable hyperbole?
"In short:
- browser-based applications are extremely vulnerable;
- browser-based applications are extremely vulnerable by design;
- there is little that consumers can do about these vulnerabilities, because:
  - in order to avoid them, a consumer would need to deny all of the insecure features (cookies, Javascript, ActiveX and Java), or use a web-browser that ignores them;
  - by doing so, consumers would have to forego many features on many sites; and
  - many transaction-based sites use those capabilities, and hence people adopting those strategies in effect preclude themselves from conducting transactions and making payments on the Internet.

"Expressed differently, many eCommerce and even eBanking services only work because they exploit vulnerabilities on consumer devices."
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW