From: "Phillip M. Hallam-Baker" <hallam@w3.org>
Date: Mon, 4 Mar 1996 06:15:48 +0800
To: cypherpunks@toad.com
Subject: Re: Netcom and Credit Cards
Message-ID: <199603032140.QAA21879@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Anonymous wrote:

> > The "credit card numbers were stolen" point, that I believe Ed Carp was
> > referring to, had to do with the Mitnick affair, and is very old news.
> 
> The fact that they had been stolen was mentioned in an edition of 2600
> 6 months before the Mitnick saga.  Netcom had been told about the
> security breaches many times, but refused to acknowledge that their
> site was insecure.  It was this arrogance that pissed people off
> more than their insecurity.

As someone who was involved in the recent iKP / SEPP /STT / --> SET
event I would like to point out that it was the storage of CC numbers in
databases connected to the Internet which was the primary concern of
credit card companies. 

Sending credit card numbers across the internet in the clear was to an
extent a side issue. Clearly if the merchant was nopt going to be able
to store the number the number would have to not be received in
cleartext by the merchant.


	Phill
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMToR2yoZzwIn1bdtAQEBDAF+Mgb3VluBwhqkjIgPCJ5YurkDWWm9MRwg
RJoqXdalTBmM20ldY5qddiuTGoxni4ac
=9L/X
-----END PGP SIGNATURE-----