Comment on Attackers exploit fundamental flaw in the web’s security to steal $2 million in cryptocurrency by Phill Hallam-Baker


No, this is not a ‘fundamental flaw in Web security’. It is the result of a group of Cryptobros who didn’t have a clue trying to use a system that is utterly unsuited for what they are trying to use it for.

I have been working on Web Security and payment systems for 30 years. I was part of the original CERN team that developed the Web and Principal Scientist at VeriSign when we created the Web PKI.

For the past five years, all these crypto-currency goons have been running round telling us that we are all stupid, that they will replace the global payment system, that no government can stop them and that their currency systems are invincible.

So please explain: how did we ‘Web/1.0’ people, whose advice was rejected, cause this screw-up?

Anyone who is building a system to move $2 million around needs to take responsibility for the security of their product. If your payment scheme security depends on client-side JavaScript, you are incompetent. There is no way to make that system safe. It did not require a BGP attack to burn it to the ground; the hackers were just showing off.

The security goal of the WebPKI CA system, which I wrote by the way, was to make online shopping as secure as bricks and mortar shopping. Nothing more.

The system we built in the 90s would have protected against this attack. Only the Google Chrome team don’t believe authentication is important and so
