1995-09-20 - first virtual “security” (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)

Header Data

From: Laurent Demailly <dl@hplyot.obspm.fr>
To: rah@shipwright.com (Robert Hettinga)
Message Hash: 88718c9d42c5024625a49dce19d90c31aea69106bf8ce9ce1417b885d2a0bbd5
Message ID: <9509202127.AA07988@hplyot.obspm.fr>
Reply To: <v02120d1aac85dff6bc68@[]>
UTC Datetime: 1995-09-20 21:28:37 UTC
Raw Date: Wed, 20 Sep 95 14:28:37 PDT

Raw message

From: Laurent Demailly <dl@hplyot.obspm.fr>
Date: Wed, 20 Sep 95 14:28:37 PDT
To: rah@shipwright.com (Robert Hettinga)
Subject: first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)
In-Reply-To: <v02120d1aac85dff6bc68@[]>
Message-ID: <9509202127.AA07988@hplyot.obspm.fr>
MIME-Version: 1.0
Content-Type: text/plain

Robert Hettinga writes:
 > --- begin forwarded text
 > Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT)
 > From: Nathaniel Borenstein <nsb@nsb.fv.com>
 > To: www-buyinfo@allegra.att.com
 > Subject: Re: Security Flaw Is Discovered In Software Used in Shopping
 > For information on a safe, non-cryptographic alternative that has been
 > fully operational for nearly a year, with over 30,000 paying customers,
 > a growth rate featuring a six week doubling period, and NO break-ins to
 > date, check out http://www.fv.com.  -- Nathaniel
After some research on the above advertised site : 
   If you can talk to FIRST VIRTUAL via electronic mail, and nobody
   else can read or reply to your E-mail, then your E-mail account is
   compatible with FIRST VIRTUAL.
Wonderfull, this makes about ***nobody***
Are those folks stupid enough to think that using clear text mail is
something resonnable !!! better use even netscape 1.1 export !
(basically their 'trick' is that you send your CC# by phone, they then
give you an "id" by clear text EMAIL that allows you to shop (you and
all the folks that can intercept your mails) shopping are confirmed by
sending you a clear (!) mail, that you need to answer with "YES" "NO"
or "FRAUD" (!!) very funny system.... I imagine the poor fooled
customer bills...  Probably a lawyer devised te above statement so if
ppl get charged with thing they didn't asked for, fir$t virtual will
answer they were at fault because "someone" can read their mail (even if
the someone is the hacker around FV's mail exchanger...)

Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

Legion of Doom Kennedy Qaddafi security break North Korea DST