Stardate 20010605.0724 (On Screen): I used to know a guy who went to CalTech. He said that there was a company that was designing one of the first automated teller machines. Needless to say, when you're creating a machine which will be stocked with a hundred thousand dollars in used twenties, you're going to be concerned with security. They wanted to find out if their machine was vulnerable — so they brought it to CalTech and challenged the students there: anyone who could get it to issue "currency" (not real bills) without a legitimate card would get a prize of $500 (a lot of money in 1978) if they showed how it was done. Apparently it cost them about $30,000, and it was cheap at the price. The students found
a lot of security holes. One guy even managed to get it to issue a "bill" with a strip of cardboard shoved into a slot.
CalTech and MIT and RPI can't do the world's testing, of course (they've got studying and beer-drinking to do) but the principle is the same. If someone is really concerned with their security, the way to find out is to offer prizes to anyone who can crack the system and show how it was done. There are a lot of people out there willing to give it a try if they know they won't be prosecuted.
I wonder why it is that someone hasn't collected a bunch of bright cocky twenty-somethings and offered their consulting services as a computer assault team, "hackers-r-us.com" or some such. (Maybe I'll register a domain here. Anyone know the phone number of an honorable and reliable VC willing to invest in a speculative high-tech company?) (discuss)
