From: Brian Lane <blane@guetech.com>
Date: Sat, 19 Aug 95 10:43:46 PDT
To: "Dr. Frederick B. Cohen" <fc@all.net>
Subject: Re: SSL challenge and escrows
In-Reply-To: <9508181635.AA23177@all.net>
Message-ID: <Pine.LNX.3.91.950819100112.1510D-100000@guetech.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote:

> I think a lot of people miss the distinction between automated message
> cracking and dumpster diving.  Dumpster diving is not free.  It costs at
> least a dollar each to get credit card slips by dumpster diving. 

  I think people have been forgetting something else. Getting caught.

  If I dive dumpsters, grab receipts from where I work, etc. The chances 
of me being caught, or linked to use of the CC#s is much higher than if I 
scam them from somewhere on the net, using a cracked account(or several) 
on machines all over the world.

  Another thought is an un-ethical ISP. They either sniff the SSL 
transactions to their web server, or take the numbers from the users 
directories. If discovered, they blame it on 'hackers'.

  What happens to the SSL encrypted data after received by the server?

    Brian

-----------------------------------------------------------------------------
"A little rebellion now and then is a good thing."   |   PGP Key and .plan
 -- President Thomas Jefferson                       | email Subj: blane-info
=============================================================================