At 1:57 AM 1/30/96, Nathaniel Borenstein wrote: [explanation of keysniffing intentions elided]

When you put all four of these together, you have an attack that IS new, in the sense that nobody we know of has ever mentioned it before, and which could in fact be used by a single criminal, with only a few weeks [elided]

Nathaniel, I took your posting in the spirit it was intended, I think, since it was obviously not directed at a c'punk audience. You may remember, BTW, that I did some information-gathering on keystroke sniffers early in 94. I, too, did not feel comfortable spreading the info too widely, however, though now, to a select audience, it might be timely. Thanks for pointing out a very valid set of attack parameters, BTW.

One good programmer, in less than a month, can write a program that will spread itself around the net, collect an unlimited number of credit card numbers, and get them back to the program's author by non-traceable mechanisms. Does anyone on this list doubt that this is true?

I do not doubt it for an instant. I even know some Eastern Eudopeans who might be at it as we speak. dave