On Mon, 2002-09-09 at 17:24, Phil Payne wrote:
> > It's both the code and the popularity.
>
> It's the value.
The financial value of attacking the bank doesn't pay off. Its moron
grade work to put a credit card number scanner into a virus and collect
the numbers later. Holes in SSL code have multiple times paid off in
credit card exploits. Holes in merchant scripts, holes in web browsers,
cross site javascript flaws.... ?
I can attack :
An average AOL user
A clueless web site running 4 year old software
A tightly run mainframe which almost certainly has a smart admin
The only value in breaking into an 390 system is to score k00l pointz
with the kiddiez.
> z/OS is indeed a prime target. Although there are (in Wintel terms) relatively few
>instances
> of z/OS around, they do manage to process almost all of the world's credit card
>transactions,
> most of the ATM traffic, etc.
The serious guys go for the real hard stuff. Folks like Ross crack the
IBM tamperproof crypto processor boards and smartcards not boring stuff
like zSystem.
Alan
