From: goedel@tezcat.com (Dietrich J. Kappe)
To: cypherpunks@toad.com
Message Hash: 0c4df104f260022e13aa1b86c90ac64d6a6e7f81a2511a3d54c0c846a3d10d84
Message ID: <v0151010bac5841656d54@[206.1.161.4]>
Reply To: N/A
UTC Datetime: 1995-08-16 23:53:54 UTC
Raw Date: Wed, 16 Aug 95 16:53:54 PDT
From: goedel@tezcat.com (Dietrich J. Kappe)
Date: Wed, 16 Aug 95 16:53:54 PDT
To: cypherpunks@toad.com
Subject: Re: SSL challenge -- broken !
Message-ID: <v0151010bac5841656d54@[206.1.161.4]>
MIME-Version: 1.0
Content-Type: text/plain
Perry E. Metzger <perry@piermont.com> writes:
>Joe Buck writes:
>> However, I disagree with your conclusion:
>>
>> > Don't trust your credit card number to this protocol.
>>
>> Your credit card number, expiration date, etc, are continually being
>> revealed to minimum-wage clerks all the time, unless you never use the
>> card.
>
>On the other hand, those clerks can be traced down in most cases and
>have fairly limited numbers of cards they get. It might be very
>profitable to run a vacuum cleaner operation on the net slurping down
>credit card number or other confidential information and then selling
>it in bulk to people who could exploit it.
Most credit card companies ship their registration information off shore to
low tech developing countries. The idea is that the people entering the
information are unlikely to be able to exploit the information they are
exposed to.
Capturing a set of credit card tapes is certainly profitable, as would be
capturing large volumes of numbers, as you suggest. Now, are those West
African credit fraud rings dialing up DEC, SUN, and SGI? :-)
DJK
P.S. There could be an article in tomorrows WSJ about the SSL Challenge.
The technical details and facts will surely be mangled. :-(
Return to August 1995
Return to “goedel@tezcat.com (Dietrich J. Kappe)”
1995-08-16 (Wed, 16 Aug 95 16:53:54 PDT) - Re: SSL challenge – broken ! - goedel@tezcat.com (Dietrich J. Kappe)