From: Laurent Demailly <dl@hplyot.obspm.fr>
To: rah@shipwright.com (Robert Hettinga)
Message Hash: 88718c9d42c5024625a49dce19d90c31aea69106bf8ce9ce1417b885d2a0bbd5
Message ID: <9509202127.AA07988@hplyot.obspm.fr>
Reply To: <v02120d1aac85dff6bc68@[199.0.65.105]>
UTC Datetime: 1995-09-20 21:28:37 UTC
Raw Date: Wed, 20 Sep 95 14:28:37 PDT
From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Wed, 20 Sep 95 14:28:37 PDT
To: rah@shipwright.com (Robert Hettinga)
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
In-Reply-To: <v02120d1aac85dff6bc68@[199.0.65.105]>
Message-ID: <9509202127.AA07988@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain
Robert Hettinga writes:
> --- begin forwarded text
[...]
> Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT)
> From: Nathaniel Borenstein <nsb@nsb.fv.com>
> To: www-buyinfo@allegra.att.com
> Subject: Re: Security Flaw Is Discovered In Software Used in Shopping
>
[...]
> For information on a safe, non-cryptographic alternative that has been
> fully operational for nearly a year, with over 30,000 paying customers,
> a growth rate featuring a six week doubling period, and NO break-ins to
> date, check out http://www.fv.com. -- Nathaniel
After some research on the above advertised site :
"
If you can talk to FIRST VIRTUAL via electronic mail, and nobody
else can read or reply to your E-mail, then your E-mail account is
compatible with FIRST VIRTUAL.
"
Wonderfull, this makes about ***nobody***
Are those folks stupid enough to think that using clear text mail is
something resonnable !!! better use even netscape 1.1 export !
(basically their 'trick' is that you send your CC# by phone, they then
give you an "id" by clear text EMAIL that allows you to shop (you and
all the folks that can intercept your mails) shopping are confirmed by
sending you a clear (!) mail, that you need to answer with "YES" "NO"
or "FRAUD" (!!) very funny system.... I imagine the poor fooled
customer bills... Probably a lawyer devised te above statement so if
ppl get charged with thing they didn't asked for, fir$t virtual will
answer they were at fault because "someone" can read their mail (even if
the someone is the hacker around FV's mail exchanger...)
dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept
Legion of Doom Kennedy Qaddafi security break North Korea DST
Return to September 1995
Return to “rah@shipwright.com (Robert Hettinga)”