Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Peter Trei"@acm.org (1233)
I started reading this thinking it was actually something important. All it describes is a keyboard monitor, which greps for CC#s, and which could be spread by an (unspecified) virus, and sends the output to a crook over the net by some (unspecified) mechanism.
There are many ways to spread it besides a virus. Zillions of 'em. And there are totally anonymous ways to redistribute it, some of which I've never seen described publicly, which is why they were left unspecified.
It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but failed to clearsign this message, which loudly trumpets it's great import. Considering the lack of actual content, I feel compelled to warn readers that this may be a forgery, designed to make him look like he's scaremongering.
Do you have my key in your key ring? I rather doubt it. So what good would it have done? Have you downloaded my key from the net? Assume that you have. How do you know it's mine? I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. -- Nathaniel PS -- On the off chance that anyone really doubts this is me, I will shortly send cypherpunks a message that has my own voice AND a PGP signature thereupon. That way, you can check my identity if you either recognize my voice OR have verified my fingerprint. Sheesh. -- NB