From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 3 Feb 1996 18:19:06 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (gifs at 11!)
Message-ID: <199602030951.BAA12309@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:24 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
>>  But I just can't believe that he thinks that
>the telephone is more secure on average than a keyboard.
>
>We have a few pages of C code that scan everything you type on a
>keyboard, and selects only the credit card numbers.  How easy is that to
>do with credit card numbers spoken over a telephone?
>The key is large-scale automated attacks, not one-time interceptions.

Speaker-independent recognition of digits is a done deal.
For large-scale automated attacks, you obviously don't wiretap the customer;
you hire The Dread Pirate Mitnick* to wiretap the 800 number for the
Home Shopping Channel, and hoover down the CC numbers of a large
number of known frequent-shopping cardholders.  (Actually, hitting on them
might be a bit tough, since they've presumably got direct T1s or T3s from
one or more carriers, which are harder to tap than the average residence line.)


(*Not the original Kevin "Dread Pirate" Mitnick, who's retired,
but Fred Bargle, who's got the current Dread Pirate Mitnick franchise.... :-)
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs