Date: Wed, 11 Mar 1998 13:14:42 -0500
From: Robert Hettinga
Subject: DCSB: Adam Shostack; No Silver Bullet -- Digital Commerce and Payment Security

The Digital Commerce Society of Boston

Presents

Adam Shostack
Netect, Inc.

"No Silver Bullet"
Digital Commerce and Payment Security

Tuesday, April 7, 1997
12 - 2 PM
The Downtown Harvard Club of Boston
One Federal Street, Boston, MA

The traditional threats that apply to digital commerce systems are the same as the threats against all other commerce systems. But the communications networks that are available to the bad guys make possible and effective attacks that could never work before. Adam Shostack will examine some of these new threats to electronic commerce, some of the potential solutions, and share his vision of the future tools to protect commerce.

New attacks against commerce include the automation of knowledge. The pickpocket of old needed to practice for years to learn how to be effective. Today's 14 year olds can download a package with a win95 interface to exploit security holes. The nature of the internet allows them to engage in these attacks anonymously.

The anonymous nature of the net also means that people can engage in attacks that have a very small payoff, or a small chance of a large payoff. They also engage in attacks for the thrill of it, costing companies trust and confidence, as well as down time and its associated lost revenue.

New methods of dealing with the threats and problems posed by the automation of new attacks will be required. Where 'traditional' security measures, such as firewalls, have failed to deal with the new attacks, there is need to try new approaches. This talk will cover the new breeds of attack, and the new methods of building secure foundations to help busy companies cope.

Mr. Shostack is Director of Technology for Netect, Inc, a startup making innovative applications to help cope with the new breed of security problems.
He has extensive background in designing, implementing and testing secure systems for clients in the medical, computer, and financial industries. His recent public work includes 'Apparent Weaknesses in the Security Dynamics Client Server Protocol,' 'Source Code Review Guidelines,' and comparisons of freely available cryptographic libraries. Adam was also one of the instructors, along with John Kelsey of Counterpane, and Gary Howland of SecureAccounts, in Ian Goldberg's FC98 Financial Cryptography Workshop, which was held in Anguilla in early March this year.

This meeting of the Digital Commerce Society of Boston will be held on Tuesday, April 7, 1997, from 12pm - 2pm at the Downtown Branch of the Harvard Club of Boston, on One Federal Street. The price for lunch is $32.50. This price includes lunch, room rental, various A/V hardware, and the speaker's lunch. ;-). The Harvard Club *does* have dress code: jackets and ties for men (and no sneakers or jeans), and "appropriate business attire" (whatever that means), for women. Fair warning: since we purchase these luncheons in advance, we will be unable to refund the price of your lunch if the Club finds you in violation of the dress code.

We will attempt to record this meeting for sale on CD/R, and to put it on the web in RealAudio format, at some future date.

We need to receive a company check, or money order, (or, if we *really* know you, a personal check) payable to "The Harvard Club of Boston", by Saturday, April 4th, or you won't be on the list for lunch. Checks payable to anyone else but The Harvard Club of Boston will have to be sent back.

Checks should be sent to Robert Hettinga, 44 Farquhar Street, Boston, Massachusetts, 02131. Again, they *must* be made payable to "The Harvard Club of Boston", in the amount of $32.50.
Please include your e-mail address, so that we can send you a confirmation.

If anyone has questions, or has a problem with these arrangements (We've had to work with glacial A/P departments more than once, for instance), please let us know via e-mail, and we'll see if we can work something out.

Upcoming speakers for DCSB are:

May     Jeremey Barrett    Digital Bearer Certificate Protocols
June    Michael Baum       PKI and the Commercial CA

We are actively searching for future speakers. If you are in Boston on the first Tuesday of the month, and you would like to make a presentation to the Society, please send e-mail to the DCSB Program Committee, care of Robert Hettinga, .

For more information about the Digital Commerce Society of Boston, send "info dcsb" in the body of a message to . If you want to subscribe to the DCSB e-mail list, send "subscribe dcsb" in the body of a message to .

We look forward to seeing you there!

Cheers,
Robert Hettinga
Moderator,
The Digital Commerce Society of Boston