SSL challenge and escrows
I think a lot of people miss the distinction between automated message cracking and dumpster diving. Dumpster diving is not free. It costs at least a dollar each to get credit card slips by dumpster diving. Consider that in order to use the information, you have to get the slip, pull off the numbers, enter them into a computer (or even worse yet, create a phoney card or make a phone call) in order to use the information. The break-even point for an automated cracking and usage system is more than a dollar per stolen card. My parallel processor is actually more cost effective for crimilar theft via credit card fraud. What does this have to do with escrow? My escrow offer costs less than the cost of crimial attack. If it reduces attack, it is cost effective and should lower the overall cost of transaction processing. In fact, I have a friend who says he will escrow keys for free, but he is less trustworhty than I am, and I think he wants to get his dollar on the other side. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote:
I think a lot of people miss the distinction between automated message cracking and dumpster diving. Dumpster diving is not free. It costs at least a dollar each to get credit card slips by dumpster diving.
I think people have been forgetting something else. Getting caught. If I dive dumpsters, grab receipts from where I work, etc. The chances of me being caught, or linked to use of the CC#s is much higher than if I scam them from somewhere on the net, using a cracked account(or several) on machines all over the world. Another thought is an un-ethical ISP. They either sniff the SSL transactions to their web server, or take the numbers from the users directories. If discovered, they blame it on 'hackers'. What happens to the SSL encrypted data after received by the server? Brian ----------------------------------------------------------------------------- "A little rebellion now and then is a good thing." | PGP Key and .plan -- President Thomas Jefferson | email Subj: blane-info =============================================================================
participants (2)
-
Brian Lane -
fc@all.net