[LINK] Consumer computer security

Alan L Tyree alan at austlii.edu.au
Sun Jan 14 13:26:29 AEDT 2007

On Sun, 14 Jan 2007 11:38:46 +1100
Roger Clarke <Roger.Clarke at xamax.com.au> wrote:

> G'day Alan
> It's not what you asked for, but ...
> I did some expert evidence a little while back which required me to 
> catalogue the ways in which 'accesses to inappropriate sites' and 
> 'storage of inappropriate images' might occur, without the intention 
> of a device's user, and even without their knowledge.  The context 
> was alleged unfair dismissal.
> The material could be turned to the purpose of demonstrating that:
> (1)  consumers' computers are not under consumers' control
> (2)  it is not practicable for consumers to exercise control
> The first few parts are of marginal relevance to the current context.
> This section has some relevance but would need to be cut down:
> http://www.anu.edu.au/people/Roger.Clarke/II/OffIm0511.html#AUC
> The key bits are the short sections on Malware and 'Hacking' starting
> at: http://www.anu.edu.au/people/Roger.Clarke/II/OffIm0511.html#MW
> If it would help, I could use the above to produce a 2-pager 
> summarising the problems.

It always helps Roger :-).

> Further mutterings ...
> I was involved in an RBA/APSC subcommittee back about 1988-89, which 
> considered an early version of the Code and specifically the need for 
> consumer protections in relation to ATM design and processes.  (Banks 
> were finally forced to get rid of the exposed vertical key-pads that 
> made PIN capture a cinch).

Yes, I was actually a member of the APSC at that time. The Wallis
recommendations abolished the APSC and replaced it with the Payment
Systems Board. I think that was a pity since the APSC really offered a
forum where various interests talked. It even got a few things done!
The PSB is just the RBA in disguise. Generally, they don't give a
flying F about consumer issues. The original EFT Code was (surprisingly)
given real life by the Treasury representatives on the APSC.

Many thanks for the response.

> They had some interest in solid evidence, which was a pleasant 
> surprise.  (They = the RBA / regulatory members, not the bank reps of 
> course).  So maybe the offer of a presentation might be an angle that 
> would attract their attention.
> Re the question you actually asked, Googling with mixtures of terms 
> like <infection key-logger trojan statistics> and suchlike turns up 
> some sources:
> http://www.webroot.com/resources/stateofspyware/excerpt.html
> http://www.secureworks.com/researchcenter/researchoverview.html
> http://www.sans.org/reading_room/?portal=2027af4cebaac272f701e38e131117a1
> But nope, nothing's obvious that actually answers the question ...
> Regards  ...  Roger
> -- 
> Roger Clarke
> http://www.anu.edu.au/people/Roger.Clarke/ 
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611
> AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au
> http://www.xamax.com.au/
> Visiting Professor in Info Science & Eng  Australian National
> University Visiting Professor in the eCommerce Program
> University of Hong Kong Visiting Professor in the Cyberspace Law &
> Policy Centre      Uni of NSW
> _______________________________________________ Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

Alan L Tyree                    http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670            Mobile: +61 427 486 206
Fax: +61 2 4782 7092            FWD: 615662
