From: Brian Lane <blane@guetech.com>
To: “Dr. Frederick B. Cohen” <fc@all.net>
Message Hash: 45310b0c3be42f2ed2dbd1a3b4c6c84cf1ddea31701ad6f0dd781d5e3079ef26
Message ID: <Pine.LNX.3.91.950819100112.1510D-100000@guetech.com>
Reply To: <9508181635.AA23177@all.net>
UTC Datetime: 1995-08-19 17:43:46 UTC
Raw Date: Sat, 19 Aug 95 10:43:46 PDT
From: Brian Lane <blane@guetech.com>
Date: Sat, 19 Aug 95 10:43:46 PDT
To: "Dr. Frederick B. Cohen" <fc@all.net>
Subject: Re: SSL challenge and escrows
In-Reply-To: <9508181635.AA23177@all.net>
Message-ID: <Pine.LNX.3.91.950819100112.1510D-100000@guetech.com>
MIME-Version: 1.0
Content-Type: text/plain
On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote:
> I think a lot of people miss the distinction between automated message
> cracking and dumpster diving. Dumpster diving is not free. It costs at
> least a dollar each to get credit card slips by dumpster diving.
I think people have been forgetting something else. Getting caught.
If I dive dumpsters, grab receipts from where I work, etc. The chances
of me being caught, or linked to use of the CC#s is much higher than if I
scam them from somewhere on the net, using a cracked account(or several)
on machines all over the world.
Another thought is an un-ethical ISP. They either sniff the SSL
transactions to their web server, or take the numbers from the users
directories. If discovered, they blame it on 'hackers'.
What happens to the SSL encrypted data after received by the server?
Brian
-----------------------------------------------------------------------------
"A little rebellion now and then is a good thing." | PGP Key and .plan
-- President Thomas Jefferson | email Subj: blane-info
=============================================================================
Return to August 1995
Return to “fc@all.net (Dr. Frederick B. Cohen)”