Light Blue Touchpaper » Blog Archive » I’m from the Government and I’m here to help #security #openstandards

Ross Anderson writes:

(caution: links exist in original)

Two years ago, Hyoungshick Kim, Jun Ho Huh and I wrote a paper On the Security of Internet banking in South Korea in which we discussed an IT security policy that had gone horribly wrong. The Government of Korea had tried in 1998 to secure electronic commerce by getting all the banks to use an officially-approved AciveX plugin, effectively locking most Koreans into IE. We argued in 2010 that this provided less security than it seemed, and imposed high usability and compatibility costs. Hyoungshick presented our paper at a special conference, and the government withdrew the ActiveX mandate.

It’s now apparent that the problem is still there. The bureaucracy created a procedure to approve alternative technologies, and (surprise) still hasn’t approved any. Korean web businesses remain trapped in the bubble, and fall farther and farther behind. This may well come to be seen as a warning to other governments to adopt true open standards, if they want to avoid a similar fate. The Cabinet Office should take note – and don’t forget to respond to their consultation!

via Light Blue Touchpaper » Blog Archive » I’m from the Government and I’m here to help.

One thought on “Light Blue Touchpaper » Blog Archive » I’m from the Government and I’m here to help #security #openstandards

  1. Dave Walker

    Currently working on my consultation response.

    Whatever intrinsic security issues ActiveX might or might not have, locking customers into Microsoft Windows has never been a good idea. Back in the early 2000s, Barclays tried it over here when they first rolled out electronic banking; their website specifically stated that they required users to be running Microsoft Windows, as they considered “Unix and its variants” to be insufficiently secure.

    I persuaded a few friends to move their bank accounts over that gaffe, and closed my own Barclays one…

    Reply

Leave a Reply