FV's Borenstein discovers keystroke capture programs!

Jeremy Mineweaser Jeremym at area1s220.residence.gatech.edu
Tue Jan 30 11:05:33 PST 1996


At 09:53 AM 1/30/96 -0500, nsb at nsb.fv.com wrote:

>> ... likely, you store the card numbers on a computer.  And no doubt,
>> someone or something enters those numbers into a database.
>> You have just violated your own cardinal rule.
>
>Nope, afraid not.  We keep the credit card numbers on a non-Internet
>computer.  

Let me restate your cardinal rule, direct from your "alert":

>Quite simply, we believe that this program
>demonstrates a FATAL flaw in one whole approach to Internet commerce,
>and that the use of software to encrypt credit card numbers can NEVER be
>made safe.  For consumers, we recommend the following simple rule:
>
>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

How about we hear it again, just because it's so well thought out:

>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.

Now, the fact that your customer database of credit card numbers
is not directly available via the Internet does not make it cease to
be a computer.  Regardless of its networkability, it is still a computer.
Do you suggest, then, that computers cannot exist without networks?

>As to how the credit card numbers are entered:  they are entered at
>account setup time via a telephone call.  

And just *where* do they get entered?   Into a computer.
And *how* are they entered?  Via a keyboard.

What was that?  You guys enter credit card numbers via the
keyboard?  But YOU CAN'T DO THAT!  IT'S NOT SAFE!

If I can't trust myself to keep my credit card number secure, why
should I trust your minimum-wage data entry employees?

>Believe me, we've thought a LOT about this.

I believe that you thought more about writing your glorified keyboard
sniffer than you did deciding how to announce your discovery to the public.
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser at ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-






