[LINK] Consumer computer security
Alan L Tyree
alan at austlii.edu.au
Sun Jan 14 13:26:29 AEDT 2007
On Sun, 14 Jan 2007 11:38:46 +1100
Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
> G'day Alan
>
<SNIP>
>
> It's not what you asked for, but ...
>
> I did some expert evidence a little while back which required me to
> catalogue the ways in which 'accesses to inappropriate sites' and
> 'storage of inappropriate images' might occur, without the intention
> of a device's user, and even without their knowledge. The context
> was alleged unfair dismissal.
>
> The material could be turned to the purpose of demonstrating that:
> (1) consumers' computers are not under consumers' control
> (2) it is not practicable for consumers to exercise control
>
> The first few parts are of marginal relevance to the current context.
>
> This section has some relevance but would need to be cut down:
> http://www.anu.edu.au/people/Roger.Clarke/II/OffIm0511.html#AUC
>
> The key bits are the short sections on Malware and 'Hacking' starting
> at: http://www.anu.edu.au/people/Roger.Clarke/II/OffIm0511.html#MW
>
> If it would help, I could use the above to produce a 2-pager
> summarising the problems.
It always helps Roger :-).
>
>
> Further mutterings ...
>
<SNIP>
>
> I was involved in an RBA/APSC subcommittee back about 1988-89, which
> considered an early version of the Code and specifically the need for
> consumer protections in relation to ATM design and processes. (Banks
> were finally forced to get rid of the exposed vertical key-pads that
> made PIN capture a cinch).
Yes, I was actually a member of the APSC at that time. The Wallis
recommendations abolished the APSC and replaced it with the Payment
Systems Board. I think that was a pity since the APSC really offered a
forum where various interests talked. It even got a few things done!
The PSB is just the RBA in disguise. Generally, they don't give a
flying F about consumer issues. The original EFT Code was (surprisingly)
given real life by the Treasury representatives on the APSC.
Many thanks for the response.
Alan
>
> They had some interest in solid evidence, which was a pleasant
> surprise. (They = the RBA / regulatory members, not the bank reps of
> course). So maybe the offer of a presentation might be an angle that
> would attract their attention.
>
> Re the question you actually asked, Googling with mixtures of terms
> like <infection key-logger trojan statistics> and suchlike turns up
> some sources:
> http://www.webroot.com/resources/stateofspyware/excerpt.html
> http://www.secureworks.com/researchcenter/researchoverview.html
> http://www.sans.org/reading_room/?portal=2027af4cebaac272f701e38e131117a1
>
> But nope, nothing's obvious that actually answers the question ...
>
> Regards ... Roger
>
> --
> Roger Clarke
> http://www.anu.edu.au/people/Roger.Clarke/
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611
> AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au
> http://www.xamax.com.au/
>
> Visiting Professor in Info Science & Eng  Australian National University
> Visiting Professor in the eCommerce Program  University of Hong Kong
> Visiting Professor in the Cyberspace Law & Policy Centre  Uni of NSW
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
--
Alan L Tyree http://www2.austlii.edu.au/~alan
Tel: +61 2 4782 2670 Mobile: +61 427 486 206
Fax: +61 2 4782 7092 FWD: 615662