From: Scott Brickner <sjb@universe.digex.net>
Date: Mon, 4 Dec 95 12:26:45 PST
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Subject: Re: INTERNET SECURITY RISKS FOR CONSUMERS OVERBLOWN
In-Reply-To: <9512041821.AA00569@ch1d157nwk>
Message-ID: <199512042026.PAA03718@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Andrew Loewenstern writes:
>>  "If someone wanted to steal a credit card number, all they would
>>  have to do is go to any gas station and look on the ground around
>>  the pumps," says the CTO at Internet security firm Terisa Systems.
>
>Sure, if you wanted to steal a card number or two the ground around a  
>gas-station would probably be a good choice.  However, if you wanted to steal 
>a thousand card numbers (or maybe even thirty thousand), just sniff packets  
>off a hub near a large Web site that accepts unencrypted (or weakly  
>encrypted) card transactions or hack your favorite ISP's machines.

Duh.  The point of the article the original poster quoted was that
there's little risk to individual *consumers*.  If someone sniffs
thirty thousand credit cards from a poorly secured web-site, the
consumers are still only liable for $50.  Of course, the card company
gets a big bill, and probably will try to sue the site to recover, and
both will pass those costs back to the consumer, assuming they
survive.  The total cost is still pretty small to the individual.