•   almost 12 years ago

Virus-based theft is a HUGE problem, no?

No matter how much cryptographic protection there is during the entire transaction process, this system will always be vulnerable to end-user virus theft - where a virus performs the actions that a human would usually do to authorize a transaction. This scares me to the point of being discouraged about the entire system, as optimistic as I am about technology.

Can anyone explain to me why this problem alone is not enough to throw this whole idea out the window? I can just forsee the day when MintChips go mainstream, and then you have malware botnets which generate value messages from connected MintChips on infected machines and sends money to a rogue remote server.

  • 4 comments

  •   •   almost 12 years ago

    Pickpockets can steal your wallet.

    Hasn't stopped the vast majority of monetary transactions for the last couple hundred years.

  •   •   almost 12 years ago

    I agree almost completely.

    I posted a very similar question directly to the development team (I hope they don't mind me posting their responses).

    - I don't see anything in the API even for a password or PIN to release funds or significant amounts of funds

    >> Correct, as an R&D project we are just publishing a raw API. We are looking for user and developer feedback as to how this technology could be used and secured in applications.

    - Banks will block suspicious transactions, would any similar mechanism be available for requests of suspicious transactions below the application layer.

    >> At this phase of the R&D project we are soliciting feedback as to how people might see this working.

    - What would the mechanism be for protecting the chip from physical theft?

    >> Like cash, this would be up to the user of MintChip and would likely be situational. A few dollars on a usb stick would be of less concern then several hundred dollars on a $1,000 telephone.

    My understanding based on the question I sent in, is the idea is this will be used to hold small amounts of money only. So each card may only have $50 or $100 dollars on it, so the protection against theft is less of a priority. I think I'll still have a steal all you're money function in my submission though, just to show the inherent lack of protection.

  •   •   almost 12 years ago

    Fully agree with Marks "pickpocket" analogy. ;-)

    And as Kevin states it shall be definitely be used for small amounts only.

    Everything else will evade privacy, needs independent third party control and - good forbid - centralized authoritative control of transactions.

    Willi

  •   •   almost 12 years ago

    long as the apps have the certificates utilized properly if a theft did occur it is traceable, so its really giving the victim a bit more recourse than physical money that can be hidden.

    if properly overlooked by the public, than the system would make everyone more honest in the long run potentially

    already started some app ideas ! - cheers

Comments are closed.