Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
Someone claiming to be "Nathanial Borenstein" writes:
As you may already have heard via the popular press, First Virtual Holdings has developed and demonstrated a program which completely undermines the security of every known credit-card encryption mechanism for Internet commerce.
[...] I started reading this thinking it was actually something important. All it describes is a keyboard monitor, which greps for CC#s, and which could be spread by an (unspecified) virus, and sends the output to a crook over the net by some (unspecified) mechanism. So, what else is new? [...]
Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but failed to clearsign this message, which loudly trumpets it's great import. Considering the lack of actual content, I feel compelled to warn readers that this may be a forgery, designed to make him look like he's scaremongering. strictly speaking for myself Peter Trei ptrei@acm.org Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei@process.com
Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Peter Trei"@acm.org (1233)
I started reading this thinking it was actually something important. All it describes is a keyboard monitor, which greps for CC#s, and which could be spread by an (unspecified) virus, and sends the output to a crook over the net by some (unspecified) mechanism.
There are many ways to spread it besides a virus. Zillions of 'em. And there are totally anonymous ways to redistribute it, some of which I've never seen described publicly, which is why they were left unspecified.
It's sort of interesting that "Nathaniel Borenstein" has a PGP key, but failed to clearsign this message, which loudly trumpets it's great import. Considering the lack of actual content, I feel compelled to warn readers that this may be a forgery, designed to make him look like he's scaremongering.
Do you have my key in your key ring? I rather doubt it. So what good would it have done? Have you downloaded my key from the net? Assume that you have. How do you know it's mine? I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. -- Nathaniel PS -- On the off chance that anyone really doubts this is me, I will shortly send cypherpunks a message that has my own voice AND a PGP signature thereupon. That way, you can check my identity if you either recognize my voice OR have verified my fingerprint. Sheesh. -- NB
-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, nsb@nsb.fv.com writes:
I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. --
You are incorrect. Keys can always be obtained, and signatures can be verified at any time. But an unsigned message can _never_ be verified as to its origin. You may not have my key, but I still sign this message (as I have signed all my net traffic for over 3 years). I do this to protect the reputation capital I've built up.
PS -- On the off chance that anyone really doubts this is me, I will shortly send cypherpunks a message that has my own voice AND a PGP signature thereupon. That way, you can check my identity if you either recognize my voice OR have verified my fingerprint. Sheesh. -- NB
Sheesh, yourself, Nathaniel (if that _is_ your True Name). You're showing a real attitude here, as though your reputation alone should be enough to convince us of your messages' validity. A malicious attacker would be likely to bluster this way to deflect discovery of hir ruse. We're all nyms on the net. And yours wears no armor. - -- Roy M. Silvernail -- roy@cybrspc.mn.org will do just fine, thanks. "Does that not fit in with your plans?" -- Mr Wiggen, of Ironside and Malone (Monty Python) PGP public key available upon request (send yours) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMQ4PVhvikii9febJAQHqSgP/YTCBuPGD3yKEGQo6oYzr0gfxIs2MJFCB xJnSS84g4n6yxSz9u8Ffkq/BHsiRA6eFBuIhLdn0nsMORiEneXGadT+Of9+qvZXA kfr47lC01uZLfldc8CH5gJG3bc4860nz4z4YhNDW1+3jRkKN2Gzp5V1YWKWvTuIl kKw4L4ZYZCk= =rkJ/ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Nathaniel Borenstein writes:
Have you downloaded my key from the net? Assume that you have. How do you know it's mine?
For all intents and purposes so far, "Nathaniel Borenstein" is something that occasionally sends mail to the cypherpunks list, apparently from nsb.fv.com. I expect that NSB turns out to consist of more than that, but not in my own experience. This entity persistently offers a public key from an email address @nsb.fv.com. If I retrieved the key from that address, I would have a reasonable expectation (though not assurance) that I could use it to verify the integrity of signed messages emanating from that address. In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could fetch from nsb+faq@nsb.fv.com.
I use PGP about 20 times per day. I use it in a manner that is *meaningful*. Unless we have in some way or another verified each others' keys, it is meaningless for me to sign a message to you. Putting a PGP signature on a message to someone who has no way of verifying your keys is a nice political statement, but is utterly meaningless in terms of adding any proof of the sender's identity. --
I discussed the identity issue above. Assuming a corresponding key can be found (which is clearly the case here), the signature on the message can be verified as a MAC. It would have been nice to be able to check, for example, that the SHOUTING IN CAPS in your announcement wasn't just the result of some manipulation of the message in transit to make it appear more hysterical. FWIW, I have lost a great deal of respect for you today (unrelated to the content of this message). Futplex <futplex@pseudonym.com> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMQ2fACnaAKQPVHDZAQEn6wf9F1pmSnKBAv3acUSvy1x8Sb93J0aepqmo 8NXBsRy7NEErYWvME1PQ3JGAQ2prgzIARswWDS8NrzWmJi04VkGwrIALkUHreOvz mMIjAx86R/DXq3iShPGO5uDN+jSXKMsUeeLgHZfE1ipcThGch5rSVDMR3VxRnDFw WZIg+xSmy4JWfpiLhFP6BQjSqhEMw+9LZWndD+ZsUgGEuaSuJcVH5bvHFHiQNOUr Z1JxYQeauBbqwU7Yb1FIrHJwU3tS1Q2dNdSaDayyalv5K+CLbT8089kX3BAn/Sjf 7RqqdCqqESic6mVbG0RK1IqwImsYzxzorKSDmxriTTERgaD9lJkrWA== =/xzE -----END PGP SIGNATURE-----
Excerpts from mail: 29-Jan-96 Re: Signature use and key t.. Futplex@pseudonym.com (2183*)
In my world, "you" == nsb@nsb.fv.com, and hence "your key" == the key I could fetch from nsb+faq@nsb.fv.com.
Right, absolutely. But let's face it, by now you believe it's me anyway, or the real nsb@nsb.fv.com would have spoken up and argued with me. On the other hand, if I start routinely PGP-signing email, then the value of slowly brute-force cracking my private key goes way up. If FV is successful, for example, you could spend a few years breaking my key, and then forge apparently-slanderous signed mail from me to you as part of a lawsuit. This would be far more believable, in a court of law, if I routinely signed everything than if I didn't. I don't routinely sign things because I think it is asking for problems with retrospective forgery down the road. I might, however, consider routinely signing things once I can easily incorporate a digital timestamping service like the one from Surety into my signature.
FWIW, I have lost a great deal of respect for you today
I sincerely hope that you will gain it back when you realize that not all "hype" is without substance, and that we really have unveiled a genuine, previously-unrecognized, and extremely important flaw in commercial mechanims that purport to offer security through the software encryption of credit card numbers. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
-----BEGIN PGP SIGNED MESSAGE----- Expire your keys annually. You know about key lifetimes & expiry, and in fact talk about them at length in your 'Experiences' paper. So I assert that this is a straw man. The included key has an expiration date on it. Nathaniel Borenstein wrote: | Right, absolutely. But let's face it, by now you believe it's me | anyway, or the real nsb@nsb.fv.com would have spoken up and argued with | me. On the other hand, if I start routinely PGP-signing email, then | the value of slowly brute-force cracking my private key goes way up. If | FV is successful, for example, you could spend a few years breaking my | key, and then forge apparently-slanderous signed mail from me to you as | part of a lawsuit. This would be far more believable, in a court of | law, if I routinely signed everything than if I didn't. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCKAzBjLm4AAAED53EETCG11u/jmMQmWvp1wRU10XUOtXjC/3zVGS23G3bv0o7F JqdYDWJBp1Rzjb5p6t8KXTPVwx1ZXG8AvJcNFyZiYUznDiHDCT9JScQG5NL++C3r x6n2YaQLooQgsw5l9aWEJ9Qi3UnQOVA2ZkaYs9RQdJsH8N5XP6PQNGpRAAURtC5B ZGFtIFNob3N0YWNrIDxhZGFtQGhvbWVwb3J0Lm9yZz4gW0V4cCBBdWcgOTZdiQCV AwUQMGMuqAWt5TRah1f5AQGjiwP9H3VhNDLNvNkll2Db7ccQlppbFgFjxj5/MTBj jFD7+FRZcSG4kpbkLYz4gPwY/upf+9N8dp+lEKXNtYLFVfSCkPSMAQhRK1PA4aqv YlTerDwWQxt4Zyv8H30GO2zm0TkCMWMS6ZZN9U/jk0t7VTYOFvW7sQeiKV4BDScd 7eU62XM= =Z34o - -----END PGP PUBLIC KEY BLOCK----- - -- "It is seldom that liberty of any kind is lost all at once." -Hume -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCSAwUBMQ4+ZN5XP6PQNGpRAQE4IQPmLiLyT7/7VAw6Z5ajqDlJCiMwubUQTtc+ pCo3RPZjJ8IakLvgXF06LJoIK7ObYbgfRED90v/LNlZivE1CpHQb9QRobNYqIBgU ZQBw4NkqCAS9kH4K+LrK1ce4sPF8gLBwZBSS+PJXS+BBW6Tp2kDF534Ro6x+hMOV k1Xuc7s= =GlZS -----END PGP SIGNATURE-----
Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. "Paul M. Cardon"@fnbc.co (986*)
Any useful information in your anouncement is already well-known. The rest of it is alarmist and self-serving. There have been several excellent posts pointing out the flaws in your arguments.
No, they've pointed out flaws in the claim that FV has just invented keyboard sniffers. That's not our argument at all, it's a strawman.
Until I actually see an advisory from CERT, I'll just have to assume they told FV to go take a flying leap. I certainly hope they have enough integrity to ignore this.
I would never speak for the people at CERT, but if they had told us the threat wasn't real, we certainly wouldn't be claiming that it was. We went to CERT first for two reasons: to be responsible with the new threat we had uncovered, and to do a sanity check on its importance. Having said that, I'm quite sure that you won't see a CERT advisory, because we haven't released the program, it doesn't threaten anyone, and there aren't any patches you can download to fix the problem. It's not something within their mandate to issue advisories about. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
Interesting address that was used to reach me. To: pmarc@nsb.fv.com To: pmarc Somehow, both reached me from within their system, but if they can't configure their e-mail to show the proper address than I don't have to much faith in their other abilities. I don't imagine that anybody else would have much luck replying to either of those or CAN I now receive mail at nsb.fv.com? Is this a new free service provided by FV? --- Paul M. Cardon System Officer - Capital Markets Systems First Chicago NBD Corporation MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
My mailer insists that Nathaniel Borenstein wrote: [ An impressive amount of tripe ] Nathaniel, go away. You botha us. Any useful information in your anouncement is already well-known. The rest of it is alarmist and self-serving. There have been several excellent posts pointing out the flaws in your arguments. BTW, I took a look at the FV web page. While checking out the information section I had a bad flashback to one of those late night infomercials on "buying and selling." Looks cut from the same mold. Truly sad. Until I actually see an advisory from CERT, I'll just have to assume they told FV to go take a flying leap. I certainly hope they have enough integrity to ignore this. Hmm.. Did I just hear the sound of Nathaniel Borenstein and *@*.fv.com being added to ZILLIONS :-) of killfiles and filter lists? KLUNK I thought I did. --- Paul M. Cardon -- I speak for myself . 'nuff said. MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
I know people are tired of hearing from me, but I can't let *this* go unchallenged: Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F.. "Paul M. Cardon"@fnbc.co (580*)
Interesting address that was used to reach me.
To: pmarc@nsb.fv.com To: pmarc
Somehow, both reached me from within their system, but if they can't configure their e-mail to show the proper address than I don't have to much faith in their other abilities. I don't imagine that anybody else would have much luck replying to either of those or CAN I now receive mail at nsb.fv.com? Is this a new free service provided by FV?
Bogus mail addresses of that kind are typically added by all sorts of mail relays. In other words, although I can't tell you 100% for certain without seeing the mail headers, the scenario underlying this was probably something involving a bogus mail relay. Alternately, there are some systems where this could have all happened entirely on your end, in your delivery software. There are a zillion ways this can happen, actually. I've checked my archive, and that address definitely was not in the mail when it left my system. I can guarantee you that it wasn't our system that did this. If there's one things we know cold, it's email. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
My mailer insists that Nathaniel Borenstein wrote:
I know people are tired of hearing from me, but I can't let *this* go unchallenged:
Excerpts from mail.cypherpunks: 30-Jan-96 Re: FV Demonstrates Fatal F.. "Paul M. Cardon"@fnbc.co (580*)
Interesting address that was used to reach me.
To: pmarc@nsb.fv.com To: pmarc
Somehow, both reached me from within their system, but if they can't configure their e-mail to show the proper address than I don't have to much faith in their other abilities. I don't imagine that anybody else would have much luck replying to either of those or CAN I now receive mail at nsb.fv.com? Is this a new free service provided by FV?
Bogus mail addresses of that kind are typically added by all sorts of mail relays. In other words, although I can't tell you 100% for certain without seeing the mail headers, the scenario underlying this was probably something involving a bogus mail relay. Alternately, there are some systems where this could have all happened entirely on your end, in your delivery software. There are a zillion ways this can happen, actually. I've checked my archive, and that address definitely was not in the mail when it left my system.
You like that zillion word when you can't quantify something.
I can guarantee you that it wasn't our system that did this. If there's one things we know cold, it's email.
C'mon Nathan. It was in the Received headers generated at your end. I agree that it COULD have happened on our end, but it didn't. I've never seen anybody with such an arrogant attitude. BTW, it looks like it has been fixed now. :-b --- Paul M. Cardon MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
Excerpts from mail.cypherpunks: 2-Feb-96 Re: FV Demonstrates Fatal F.. "Paul M. Cardon"@fnbc.co (1751*)
I can guarantee you that it wasn't our system that did this. If there's one things we know cold, it's email.
C'mon Nathan. It was in the Received headers generated at your end. I agree that it COULD have happened on our end, but it didn't. I've never seen anybody with such an arrogant attitude. BTW, it looks like it has been fixed now. :-b
Well, I would think that if you were seriously trying to diagnose this problem, you would have heeded my request and actually sent me the Received headers that you claim prove that there was a problem on my end. I've been tracking down mail delivery problems for fifteen years now, I take them *excruciatingly* seriously, and I think I know a *little* bit about them. If that makes me arrogant, I apologize. Received headers are typically (but not always) added at each step along the way as a mail message travels in a store-and-forward manner. Mail that leaves my system typically(i.e. using my preferred user agent) has two Received headers by the time it leaves, and neither of them specify the destination address at all. Received headers don't generally include destination informations, but may include them optionally, using a FOR clause. Any Received header that actually included the bogus address you specified is definitely not generated by my machine, not merely because I'm confident it wouldn't use that address, but more critically because that clause of Received headers (FOR) isn't EVER generated by my machine! That's how I can be so absolutely sure that it wasn't added by my machine. When messages leave my machine they have two Received headers, using these formats: Received: by nsb.fv.com (4.1/SMI-4.1) id AA26452; Fri, 2 Feb 96 16:40:24 EST Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.nsb.fv.com.sun4.41 via MS.5.6.nsb.fv.com.sun4_41; Fri, 2 Feb 1996 16:40:23 -0500 (EST) Note the complete absence of any FOR clause here. It doesn't matter WHO my system is sending mail to, it doesn't document the fact in the Received headers. (NOTE TO C'PUNKS: In general, any mail relay that uses the FOR clause for anything other than "final" delivery -- a very tricky concept, by the way -- is indulging in a potentially very serious breach of privacy, which should certainly concern the readers of this list. That's because it is typically based on the envelope addresses rather than the header addresses, and hence can expose recipient names that the sender thinks were being kept confidential, such as BCC addresses. That's one reason I prefer not to use the FOR clause at all.) Note also that Received headers almost always appear in reverse order of composition, because most relaying software just prepends them. This means that the mail you got from me probably has two headers like this one, and that the one before it is the first one added by any machine other than mine. Most likely, the one before this is added at FV's mail relay. I don't *think* it uses "FOR" clauses either, but I can't swear to that. I hope this is helpful. This is as far as I can go in diagnosing this problem without actually seeing the mail headers you claim to have received. If you have any interest in diagnosing the real problem, as opposed to publicly flaming me, I encourage you to send me the headers. I also see no point whatsoever in continuing to CC cypherpunks on the diagnosis of a mail delivery problem, but will continue to do so in my replies if you continue to send mail to cypherpunks slandering my technical abilities in the guise of talking about a mail delivery problem for which you refuse to provide documentary evidence that is allegedly in your posession. -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> Chief Scientist, First Virtual Holdings FAQ & PGP key: nsb+faq@nsb.fv.com
participants (6)
-
Adam Shostack -
futplex@pseudonym.com -
Nathaniel Borenstein -
Paul M. Cardon -
Peter Trei -
roy@sendai.cybrspc.mn.org