At 1:29 PM 1/29/96, cjs wrote:

...

As you may have read in my previous message, First Virtual has developed and demonstrated a program that completely undermines all known schemes for using software-encrypted credit cards on the Internet. More details are avialable at http://www.fv.com/ccdanger.

That was the easy part.

***ROFL***

This "pre-encryption" program is not a virus. It attaches to the keyboard driver and captures keystrokes from the keyboard as they are typed -- BEFORE they can be encrypted by the application encryption software. First Virtual scientists note that credit a check-digit. A greater danger is that passwords are also as easily captured.

***ROFL***

Umm - that is not news, it's an old hacker trick originally used for scamming login/passwd pairs. I've seen this done as either a patch to the telcom program used in a public lab on campus (this was actually quite clever - it'd wait till you completed your login and then email the cracker your login/passwd while simultaneously keeping the information from appearing on screen. It even kept his email address encrypted so I had to use a debugger to find it) or as a TSR or Macintosh extension. 2048bit-Fingerprint: F8 A2 A5 15 56 42 9B 16 3F BD 57 0F 8A ED E3 21 No man's life, liberty or property are safe while the legislature is in session.