None

Mr. Nobody mixmaster at anon.alias.net
Tue Jan 30 03:03:06 PST 1996


In article <ad32cd9601021004af4e@[132.162.233.188]> jrochkin at cs.oberlin.edu (Jonathan Rochkind) writes:
> 3)  I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant.  Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it.  It could be a virus, it could
> send the FV accross the net, whatever.  We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you.  This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.

This sounds like a fatal security flaw in FV's system!  We need to
publicize this fact widely to prevent innocent people from using their
FV accounts from computers or over the network.






More information about the cypherpunks-legacy mailing list