From: John Young <jya@pipeline.com>
Date: Fri, 11 Jul 1997 09:51:18 +0800
To: cypherpunks@toad.com
Subject: Re: Hacker cracks ESPN
Message-ID: <1.5.4.32.19970711013002.006d30e4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



Lynn Harrison wrote:

>Starwave is warning customers about an "intruder" who took credit card
>numbers from the ESPN and NBA Web sites and then sent messages to the card
>owners about the alleged security flaws. Will the security breach on the
>popular sports sites affect emerging e-commerce efforts?

Is this the same story as the one in The Wall Street Journal today
about Phiber Optic's "accidentally" sending worldwide a security
test that automatically returns passwords stored on supposedly
secure systems?

Phiber claims he did not know the test would generate a flood of
passwords to his e-mail address: from corps, mils, and govs. 
Says he's so sorry, especially because he's still doing
community service.

Phiber's employer refused to name the computer corp that installed the
secure system Phiber was testing. However, experts interviewed said 
the password snarf feature is, ahem, well-known to experts, and that 
the only security worth trusting is the one you build and run yourself 
and test frequently and still makes you lay awake at night shivering in 
doubt fear and uncertainty -- like guilty-parental senators, TLA directors, 
and all the world's bearers of the public trust and such fundy druggies.