At 09:24 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:

...

But I just can't believe that he thinks that the telephone is more secure on average than a keyboard.

We have a few pages of C code that scan everything you type on a keyboard, and selects only the credit card numbers. How easy is that to do with credit card numbers spoken over a telephone? The key is large-scale automated attacks, not one-time interceptions.

Speaker-independent recognition of digits is a done deal. For large-scale automated attacks, you obviously don't wiretap the customer; you hire The Dread Pirate Mitnick* to wiretap the 800 number for the Home Shopping Channel, and hoover down the CC numbers of a large number of known frequent-shopping cardholders. (Actually, hitting on them might be a bit tough, since they've presumably got direct T1s or T3s from one or more carriers, which are harder to tap than the average residence line.) (*Not the original Kevin "Dread Pirate" Mitnick, who's retired, but Fred Bargle, who's got the current Dread Pirate Mitnick franchise.... :-) #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281 # http://www.idiom.com/~wcs