Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Paul M. Cardon"@fnbc.co (986*)
Any useful information in your anouncement is already well-known. The rest of it is alarmist and self-serving. There have been several excellent posts pointing out the flaws in your arguments.
No, they've pointed out flaws in the claim that FV has just invented keyboard sniffers. That's not our argument at all, it's a strawman.
Until I actually see an advisory from CERT, I'll just have to assume they told FV to go take a flying leap. I certainly hope they have enough integrity to ignore this.
I would never speak for the people at CERT, but if they had told us the threat wasn't real, we certainly wouldn't be claiming that it was. We went to CERT first for two reasons: to be responsible with the new threat we had uncovered, and to do a sanity check on its importance. Having said that, I'm quite sure that you won't see a CERT advisory, because we haven't released the program, it doesn't threaten anyone, and there aren't any patches you can download to fix the problem. It's not something within their mandate to issue advisories about. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com