I thought I'd ask how the list is going... it seems to have gone downhill; there are now totally gratoitous insults to tcmay that don't seem to serve any purpose besides making sure the archive (if there is one) isn't fit for family viewing. Hey, at least when I was insensitive, I put effort into it. And I didn't use an automatic daemon. Anyway, I thought I'd catch up on current events with the following questions: * I take it SSL still hasn't been strengthened? * I'm now working part of the time at a company that has a lot of mail-order sales; are any of you aware of how much credit card fraud is going on out there right now? Might some of this actually be from unsecure SSL transactions? * Did anyone come up with any interesting embellishments (or maybe precedents?) to my bidirectional Dining Cryptographers idea? I can't believe I'm the first to come up with this... I guess it's public domain now, since I missed the one-year deadline for patenting it. Well, I gotta run... Phil Fraering "And the moral of the story is, pgf@acadian.net *never count your boobies until they 318/261-9649 are hatched*." - James Thurber, "The Unicorn in the Garden"
Phil Fraering writes:
I thought I'd ask how the list is going... it seems to have gone downhill; there are now totally gratoitous insults to tcmay that don't seem to serve any purpose besides making sure the archive (if there is one) isn't fit for family viewing.
Mail filters are now virtually mandatory for reading cypherpunks.
* I take it SSL still hasn't been strengthened?
SSLv3 has no known weakneses, other than the government-mandated ones. Of course there's always new ideas in breaking crypto protocols, or new people working on it.
* I'm now working part of the time at a company that has a lot of mail-order sales; are any of you aware of how much credit card fraud is going on out there right now?
No, how much?
Might some of this actually be from unsecure SSL transactions?
Some of it might, however since there's about a zillion ways to steal CC numbers that are even easier than brute-forcing GAKware "export" SSL, I'd guess that the vast majority of CC fraud is from other causes. It's just so easy to go dumpster-diving for credit slips behind Macys, or snoop in on people phone-ordering goods over cellular or "portable" phones. Why bother breaking SSL? Why, that requires a computer! -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Eric Murray writes:
Phil Fraering writes:
* I'm now working part of the time at a company that has a lot of mail-order sales; are any of you aware of how much credit card fraud is going on out there right now?
No, how much?
About twenty basis points with respect to dollar volume. -- Mark Chen 415/341-5539 chen@chen.com D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D
participants (3)
-
chen@chen.com -
Eric Murray -
Phil Fraering