-----BEGIN PGP SIGNED MESSAGE----- In article <wl3XYbuMc50e1Ir_Ze@nsb.fv.com>, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
Excerpts from mail: 29-Jan-96 More FUD from the Luddites .. Douglas Barnes@communiti (3569*)
Whether you're a business or an individual, having, say, your hard drive wiped clean by a virus would be several orders of magnitude worse than the relatively minor inconvenience of having to get unauthorized items deleted from your credit card bill.
For the consumer, absolutely.
For the bank, having millions of credit cards compromised by a single attacker is a more serious risk.
I've read your posts; I believe I understand them, and I believe I understand how First Virtual and other online payment systems work. I do not believe that an attack of this nature *can* yield millions of credit cards -- unless the attacker is Bill Gates or Marc Andreesen (and they have less risky ways of making lots of money). The degree to which the attack you describe is a threat to online commerce depends critically on the degree to which viruses and Trojan horse programs can propagate through their potential base of platforms. Virii *do* propagate, we know, and someone who reads Cypherpunks surely has the information on hand to say how well they propagate, given connectivity on the Internet on the one hand and widespread antivirus software on the other. My guess is that overall, the infection rate even by well-known virii such as Michaelangelo, is pretty low. Only a fraction of infected machines are going to be used for buying things over the Internet. As for Trojan horses, their penetration depends on how widely used they are. If one posted PAMELA ANDERSON STRIP POKER!!!1! to alt.binaries.pictures.erotica, how many copies would be downloaded and installed? How many users would also be online shoppers? The only way millions of credit cards would be at risk would be if the Trojan horse were installed on millions of Internet-connected machines -- it would have to be a very widely used Trojan horse, something as widely used as Win95, or Netscape. I believe that a person who can get that kind of distribution of their software has less risky and more fruitful ways of making money than stealing credit card numbers. In short, I believe that the risk to the credit card business of this attack is *at most* no greater than Xriva Zvgavpx'f (*) hack of 20,000 credit cards from Netcom, and very likely far, far smaller. "Millions" is an absurd and dishonest exaggeration. You should be ashamed of yourself. (*) Overused and overhyped name rot13ed to protect the delicate sensibilities of the Cypherpunks. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMQ+8gOVevBgtmhnpAQEuzQL9H8EHegrTdPSAe5nIM9eO9n4+xJR7SUrF Q1EWVIrM1tMILc02zwI5Qe3AoE0Bj+G7kBkuICZyoTjObm5sVAEF+dMhF25joGXI ztKwPUr3XLWRrX2PNj+V9zNWZxRHLJK2 =tX+9 -----END PGP SIGNATURE-----