More FUD from the Luddites at FV

Douglas Barnes cman at communities.com
Tue Jan 30 01:26:15 PST 1996 


Once again, FV has decided that it is easier to spread Fear,
Uncertainty and Doubt than innovate. This is part of a continuing
pattern that has been extensively documented in previous threads
on this mailing list.

There are a great many problems with the claims that FV are
making with respect to their souped-up keyboard sniffer; here
is the one I consider to be the clincher:

If I can place any program of my design on a user's machine to
sniff credit cards, I can easily exert total control over all of
the e-mail sent or received from that machine. Since I can
do this, it is now trivially easy to circumvent the "security"
of FV e-mail confirmations.

Furthermore, to do this, all I really need is control over the
network traffic to that user's machine, which in many instances
is going to be easier than placing a program on someone's machine.

I can then set up dummy companies that my "virus" or whatever
will buy "information" from -- some of these might get detected
when user's get their bills, but this hypothetical program might
chose amounts that would disappear into the noise of actual,
legitimate purchases.

Therefore, the real moral of the story is:

DON'T PUT UNTRUSTWORTHY PROGRAMS ON YOUR HARD DISK

--doug

P.S. a good video camera in the right spot, or a telephone
tap of a major mail-order distributor could probably get you
more credit cards, faster, than the FV approach. Credit cards
are fundamentally insecure; typing your CC# into your computer is
no more dangerous than giving it to the minimum-wage clerk
at Denny's. This insecurity is factored into the business model
of the credit card companies -- end users do not pay one dime
for erroneous or fradulent charges that lack a signature along
with a card swipe or imprint.



------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman at communities.com    the more systems will slip through your fingers."
cman at best.com                                             --Princess Leia

More information about the cypherpunks-legacy mailing list