From: nobody@REPLAY.COM (Anonymous)
Date: Sun, 9 Nov 1997 06:47:55 +0800
To: cypherpunks@toad.com
Subject: Mixed Messages / Re: F00FC7C8 Kills P5 AND Re: Major security flaw in Cybercash 2.1.2 (fwd)
Message-ID: <199711082233.XAA11819@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain



Eric Cordian wrote:
> In comp.sys.intel, the keeper of the Intel Secrets Website,
> rcollins@slip.net (Robert Collins) writes this absolutely amazing
> paragraph:
> > If nobody knew about this problem, nobody would be affected
> > by it.  
> > No, I had no desire to publicize the bug.

> Egads.  Talk about "Security by Obscurity"!

Robert Hettinga wrote:
> Subject: Major security flaw in Cybercash 2.1.2 (fwd)

> CyberCash v. 2.1.2 has a major security flaw that causes all credit
> card information processed by the server to be logged in a file with
> world-readable permissions.  This security flaw exists in the default
> CyberCash installation and configuration.

We at the Electronic Fraud Foundation also have no desire for these
bugs to be publicized. We're making a goddamn fortune off of them.
(Damn near as much as we're making off of our remailer-donation scam.)

Ura Fishpal,
Flounder,
Electronic Fraud Foundation
[Note: You are required by Federal Law to pay me one dollar for reading
      this post. Send $1 to EFF, Box 281, Bienfait, Sask. Canada S0C
0M0]

[Note From Your System Administrator: Failure to comply with the above
    will result in loss of your access privileges and a hernia.]