From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 12:58:46 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <kl3Wc7OMc50eRIr810@nsb.fv.com>
Message-ID: <199601301548.KAA07271@homeport.org>
MIME-Version: 1.0
Content-Type: text


Nathaniel Borenstein wrote:

| >  But I just can't believe that he thinks that
| the telephone is more secure on average than a keyboard.
| 
| We have a few pages of C code that scan everything you type on a
| keyboard, and selects only the credit card numbers.  How easy is that to
| do with credit card numbers spoken over a telephone?

I don't speak my credit card number into the FV line, I DTMF it.
Whats more, I do so after the interactive voice system says the words
'credit card.'  In fact, a group of people may have been running a tap
& scan on FV's line for a long time now, using each number they steal
once.

	Credit cards are crappy financial instruments, made useful
mainly by the governments limitations of liability rules.  Why defend
them?

	FV's attack is pretty bogus, but no more bogus, and possibly
less, than the Power One Time Pads.  We're going to see a lot of smoke
and mirrors in the next few years regarding security.

	Anyone have anything to say about RC2?  Someone must have
written a main() for it?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume