Re: Security Flaw Is Discovered In Software Used in Shopping
--- begin forwarded text Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT) From: Nathaniel Borenstein <nsb@nsb.fv.com> To: www-buyinfo@allegra.att.com Subject: Re: Security Flaw Is Discovered In Software Used in Shopping Without belaboring the point too much, I think there are a few conclusions that really ought to be drawn: -- The world has never seen unbreakable encryption software, and almost certainly never will. Nothing that human beings ever build is perfect. -- Any encryption-based scheme is only as strong as its weakest link. Generally, you don't know what the weakest link will turn out to be. -- Basing a global financial infrastructure on the unbreakability of a certain algorithm or program is at best imprudent. Bear in mind that people as well respected as Dr. Adelman -- the "A" in RSA -- are hard at work trying to figure out how, for example, to use massive parallelism to break the basic algorithms of public key cryptography. -- Keeping sensitive financial information completely off the net is always best, whether or not you are using encryption. For information on a safe, non-cryptographic alternative that has been fully operational for nearly a year, with over 30,000 paying customers, a growth rate featuring a six week doubling period, and NO break-ins to date, check out http://www.fv.com. -- Nathaniel -------- Nathaniel S. Borenstein <nsb@fv.com> | When privacy is outlawed, Chief Scientist, First Virtual Holdings | only outlaws will have privacy! FAQ & PGP key: nsb+faq@nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND! ---VIRTUAL YELLOW RIBBON-->> zldf@clark.net <http://www.netresponse.com/zldf> --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com) Shipwright Development Corporation, 44 Farquhar Street, Boston, MA 02131 USA (617) 323-7923 "Reality is not optional." --Thomas Sowell
Phree Phil: Email: zldf@clark.net http://www.netresponse.com/zldf <<<<<
Robert Hettinga writes:
--- begin forwarded text [...] Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT) From: Nathaniel Borenstein <nsb@nsb.fv.com> To: www-buyinfo@allegra.att.com Subject: Re: Security Flaw Is Discovered In Software Used in Shopping
For information on a safe, non-cryptographic alternative that has been fully operational for nearly a year, with over 30,000 paying customers, a growth rate featuring a six week doubling period, and NO break-ins to date, check out http://www.fv.com. -- Nathaniel After some research on the above advertised site : " If you can talk to FIRST VIRTUAL via electronic mail, and nobody else can read or reply to your E-mail, then your E-mail account is compatible with FIRST VIRTUAL. " Wonderfull, this makes about ***nobody*** Are those folks stupid enough to think that using clear text mail is something resonnable !!! better use even netscape 1.1 export ! (basically their 'trick' is that you send your CC# by phone, they then give you an "id" by clear text EMAIL that allows you to shop (you and all the folks that can intercept your mails) shopping are confirmed by sending you a clear (!) mail, that you need to answer with "YES" "NO" or "FRAUD" (!!) very funny system.... I imagine the poor fooled customer bills... Probably a lawyer devised te above statement so if
[...] ppl get charged with thing they didn't asked for, fir$t virtual will answer they were at fault because "someone" can read their mail (even if the someone is the hacker around FV's mail exchanger...) dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept Legion of Doom Kennedy Qaddafi security break North Korea DST
Laurent -- I strongly recommend that you make an effort to understand the real risks involved in Internet commerce. There are critical security flaws in the encrypted commerce approach, which I fear you are overlooking. By focusing on the ease of stealing a single identifier, or faking a single transaction, I think you overlook some much more important issues. The point is not that people can't intercept your First Virtual ID by sniffing on the net. Obviously they can. The point is not that people can't forge mail from you. Obviously they can. The point is not that people can't intercept FV's confirmation query, which contains a one-time code, and forge the appropriate response to authorize that purchase. Obviously they can. The point is not that people can't selectively block your incoming mail, so that you can't even tell when the above has happened. Obviously they can. The point is that if someone goes to all the trouble of doing all the above -- which is what it takes to commit serious fraud with First Virtual -- then *all* that they get is the temporary use, on the Internet only, of a single credit card. (Note also that I've just spelled out *exactly* what it takes to commit fraud with FV. I am suspicious of any commerce systems that don't offer such an explanation. In the case of SSL, the explanation would probably start out, "find a single bug in the implementation of the cryptographic algorithms.") Schemes like SSL, which encrypt a credit card number and then transmit it on the net, carry with them a very different kind of risk: the risk that a single criminal could steal MILLIONS of credit card numbers. If an SSL-like scheme were in wide use world-wide, the hacker who just made a name for himself by breaking SSL could instead have gone down in HISTORY as the person who destroyed the twentieth-century credit card system by stealing millions of credit cards and using each one just once. Or, if his goals were more practical, he could have simply chosen any desired level of affluence and lived that way for the rest of his life. (This is not an exaggeration. I can flesh this out to an alarming degree of detail, actually.) FV does not claim to have invented a method of commerce that is foolproof. There is no such system, and that certainly includes the existing credit card, cash, and check infrastructure. What FV has invented is a system for Internet commerce in which the risk/reward ratio is sufficiently low to permit large-scale commerce. Any cryptographic approaches which make similar claims must also be evaluated in terms of risk/reward ratio. If a system has a catastrophic risk, no matter how low-probability, this is worse than a system with higher-probability risks of much lower consequence. (When driving my car, I'd rather be in ten fender-benders than one high-speed head-on collision at 90 MPH.) My own experience with real-world software -- which is only confirmed by the recent SSL scandal -- makes me tend to believe that every program has bugs, and that therefore every crypto system will carry with it a significant practical risk of compromise. It therefore makes no sense to design the commerce infrastructure in such a way that the cost of that risk is catastrophic. FV has had several minor incidents of fraud. They didn't make any headlines and they didn't require any mad scramble to fix the software, because the costs of the fraud were so low to all concerned. -- Nathaniel -------- Nathaniel S. Borenstein <nsb@fv.com> | When privacy is outlawed, Chief Scientist, First Virtual Holdings | only outlaws will have privacy! FAQ & PGP key: nsb+faq@nsb.fv.com | SUPPORT THE ZIMMERMANN DEFENSE FUND! ---VIRTUAL YELLOW RIBBON-->> zldf@clark.net <http://www.netresponse.com/zldf>
You have excellent points in your detailed answer, thank you, but If FV was as used as SSL could be, what prevents, to use your terms, someone to get MILLIONS of FV's identifiers and use each one only once, etc ... (imo your figures about SSL and crypto softs risks are over evaluated, so I over evaluate the 'risks' of yours using same assumptions) There can't be more security by transferring data on the clear compared to an encrypted one... except maybe that people using encryption can often feel overconfident. So, as someone pointed out, it is not that much a problem about CC# which are available easily anyway, but in fact, using encrypted communications is the only way to ensure (some) *privacy*, in addition to being a security improvement. A problem is to avoid to fail on "customer expectation", especially when you've created it. So probably there was too much focus and advertising on security issues on the internet, by the very same companies that prove later to fail, giving wrong expectation. Privacy remains a goal anyway, and financial insecurity never was a problem as long as it remains under a small %. So I'd prefer to use crapy netscape 1.1 40 bits export SSL than your system... Though what I'd really use is PGP :-) Anyway, if you have happy customers, good for you... I'd suggest that you'd use "Security through Clarity" as motto ;-) dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept fissionable SEAL Team 6 Kaser Sose nuclear Clinton domestic disruption DST
In article <0kMA2EqMc50eMEb4Yx@nsb.fv.com>, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
If an SSL-like scheme were in wide use world-wide, the hacker who just made a name for himself by breaking SSL could instead have gone down in
Ugh. That word again. I'm only 22, but I'm old enough to remember when there were people called "crackers", and being called a "hacker" was a _good_ thing. I know at least one article about the break went, "Two hackers in Berkeley, California...". We actually got questions from reporters asking why we didn't just use our newly-found hole to snoop financial transactions. I've done a lot of root-breaking in my (short) time, but I work for the Good Guys (TM). - Ian "hey, I warned you it was noise"
participants (4)
-
iagoldbe@csclub.uwaterloo.ca -
Laurent Demailly -
Nathaniel Borenstein -
rah@shipwright.com