[AUUG-Talk]: Re: Membership Renewals

David Lloyd lloy0076 at rebel.net.au
Wed Sep 27 08:49:31 EST 2006


David,

> Having had a look at your post, I have decided that I will never hire
> you as a security consultant, since it is your belief that security
> systems should fail open.

I believe they shouldn't fail at all...

> The AUUG system was designed to fail safe. In the handover there was a
> failure (human error), and so it failed - safe. The bad news - we cannot
> recover the credit card details. The good news - neither can anyone else.

I think what you mean to say is that you have reasonable belief that 
no one else can recover the credit card details.

Given the reasonable assumption that the security system for credit 
cards is to only allow those authorised to access the details for the 
particular purpose allowed, my point is that the system has failed and 
become unusable.

I don't think you disagree with that point.

One might reasonably argue that being unusable, in this case, is a lot 
better than being openly usable but I think it eminently reasonable to 
assume that AUUG kept the details for a purpose other than to prove its 
security mechanism failed safely rather than openly.

I think we're discussing two different points:

1) I'm pointing out that if the credit cards aren't available for
    whatever reason then the system is not usable AND I'd hope you'd
    agree that security systems should be designed so that those
    authorised to use the protected information/systems/whatever are able
    to use them

2) You've pointed out that it is better for a security system to fail
    safely rather than openly

And I agree with both of those points :)

DSL


