1995-08-17 - Re: SSL challenge – broken !

Header Data

From: liberty@gate.net (Jim Ray)
To: jbuck@Synopsys.COM
Message Hash: a4817332610c2cd2f3007dcab5501da8784b82e87a3cee9060be1573b8b0a4ba
Message ID: <199508170140.VAA40390@tequesta.gate.net>
Reply To: N/A
UTC Datetime: 1995-08-17 01:42:35 UTC
Raw Date: Wed, 16 Aug 95 18:42:35 PDT

Raw message

From: liberty@gate.net (Jim Ray)
Date: Wed, 16 Aug 95 18:42:35 PDT
To: jbuck@Synopsys.COM
Subject: Re: SSL challenge -- broken !
Message-ID: <199508170140.VAA40390@tequesta.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Joe Buck writes:

<snip>

>Your credit card number, expiration date, etc, are continually being
>revealed to minimum-wage clerks all the time, unless you never use the
>card.  A chain is only as strong as its weakest link; it makes no sense to
>buy an expensive lock when your door has a big enough opening to climb
>through.  Should some bad person get hold of your card number and misuse
>it, you're not out any money: 

I'm not so sure....Checked the fees/interest lately?
"There ain't no such thing as a free credit card theft."
[Apologies to Milton & Rose Friedman.] ;)

>you just tell the card company "I didn't buy
>that".  Since there's so much tracing in the system, if you buy a physical
>something with a stolen credit card number it can usually be traced to you
>(who'd they ship the package to?).  

They only *sometimes* find the person/loot.

>It's not clear to me that *any*
>encryption is really essential if the only purpose is to protect credit
>card #'s from snoopers.

OK, but I had an idea a number of years ago. It's not too new,
either, and considering the BILLION$ in credit-card fraud, I think
the credit card companies could implement it with little trouble at
every site the cards are used. Why not PIN numbers. Banks and their
customers are already used to them, they could be entered over the
phone (I know, not too secure) or in person, and considering the
dollar ammount of the current fraud, they would be cheap (I think).
[There is probably a flaw in my idea, but I haven't found it.]

<snip>

>Q: Of the 20,000 credit card #'s stolen from Netcom's computer, how many
>were used to buy things?  Answer: not sure, but expect the answer is "zero".

Probably so, but imagine being a Netcom customer 
(or a Netcom stockholder).
Not all of the costs of crime are monetary.
JMR


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Freedom isn't Freeh

iQCVAwUBMDKdH21lp8bpvW01AQGBTwP/VQ7BNPAAna6ba3avp+y9us0E5hhpUGdJ
6shHmZjPDWrSZz9aGzq5xhkQzSKdlLy/lFePt8acFBbDaGnK8wzAvoo1S69mr4bA
AUJ+IsI5j/Ctvic0RGbiIlfy+thXna6iwTgDovBB7u311+UMCgMg0A89onIjWCQQ
jKN2sSimEHg=
=0TzV
-----END PGP SIGNATURE-----
Regards, Jim Ray

Don't investigate Mena, Arkansas and contra-coke. 
Embarrassment is a threat to national security...
------------------------------------------------------------------------
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Key id. #  E9BD6D35
------------------------------------------------------------------------
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! 
email:  zldf@clark.net or visit http://www.netresponse.com/zldf
________________________________________________________________________






Thread