1996-01-31 - Re: FV’s Borenstein discovers keystroke capture programs! (pictures at 11!)

Header Data

From: Adam Shostack <adam@lighthouse.homeport.org>
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Message Hash: 3bd7f56a4b19d496d47294326243c2128712aa96d4047cd515d1b962b500ac43
Message ID: <199601301548.KAA07271@homeport.org>
Reply To: <kl3Wc7OMc50eRIr810@nsb.fv.com>
UTC Datetime: 1996-01-31 04:58:46 UTC
Raw Date: Wed, 31 Jan 1996 12:58:46 +0800

Raw message

From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Wed, 31 Jan 1996 12:58:46 +0800
To: nsb@nsb.fv.com (Nathaniel Borenstein)
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
In-Reply-To: <kl3Wc7OMc50eRIr810@nsb.fv.com>
Message-ID: <199601301548.KAA07271@homeport.org>
MIME-Version: 1.0
Content-Type: text


Nathaniel Borenstein wrote:

| >  But I just can't believe that he thinks that
| the telephone is more secure on average than a keyboard.
| 
| We have a few pages of C code that scan everything you type on a
| keyboard, and selects only the credit card numbers.  How easy is that to
| do with credit card numbers spoken over a telephone?

I don't speak my credit card number into the FV line, I DTMF it.
Whats more, I do so after the interactive voice system says the words
'credit card.'  In fact, a group of people may have been running a tap
& scan on FV's line for a long time now, using each number they steal
once.

	Credit cards are crappy financial instruments, made useful
mainly by the governments limitations of liability rules.  Why defend
them?

	FV's attack is pretty bogus, but no more bogus, and possibly
less, than the Power One Time Pads.  We're going to see a lot of smoke
and mirrors in the next few years regarding security.

	Anyone have anything to say about RC2?  Someone must have
written a main() for it?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume






Thread