From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
To: cypherpunks@toad.com
Message Hash: 7d59a03c4d304bf65e9f860221768614e85be67c32055a357343dabe59512011
Message ID: <2.2.32.19960130163242.0098400c@area1s220.residence.gatech.edu>
Reply To: N/A
UTC Datetime: 1996-01-30 19:05:33 UTC
Raw Date: Wed, 31 Jan 1996 03:05:33 +0800
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Wed, 31 Jan 1996 03:05:33 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs!
Message-ID: <2.2.32.19960130163242.0098400c@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain
At 09:53 AM 1/30/96 -0500, nsb@nsb.fv.com wrote:
>> ... likely, you store the card numbers on a computer. And no doubt,
>> someone or something enters those numbers into a database.
>> You have just violated your own cardinal rule.
>
>Nope, afraid not. We keep the credit card numbers on a non-Internet
>computer.
Let me restate your cardinal rule, direct from your "alert":
>Quite simply, we believe that this program
>demonstrates a FATAL flaw in one whole approach to Internet commerce,
>and that the use of software to encrypt credit card numbers can NEVER be
>made safe. For consumers, we recommend the following simple rule:
>
>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.
How about we here it again, just because it's so well thought out:
>NEVER TYPE YOUR CREDIT CARD NUMBER INTO A COMPUTER.
Now, the fact that your customer database of credit card numbers
is not directly available via the Internet does not make it cease to
be a computer. Regardless of its networkability, it is still a computer.
Do you suggest, then, that computers cannot exist without networks?
>As to how the credit card numbers are entered: they are entered at
>account setup time via a telephone call.
And just *where* do they get entered? Into a computer.
And *how* are they entered? Via a keyboard.
What was that? You guys enter credit card numbers via the
keyboard? But YOU CAN'T DO THAT! IT'S NOT SAFE!
If I can't trust myself to keep my credit card number secure, why
should I trust your minimum-wage data entry employees?
>Believe me, we've thought a LOT about this.
I believe that you thought more about writing your glorified keyboard
sniffer than you did deciding how to announce your discovery to the public.
---
Jeremy Mineweaser | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
j.mineweaser@ieee.org | L+>++ E-(---) W++ N+ !o-- K+>++ w+(++++) O- M--
| V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
*ai*vr*vx*crypto* | tv(+) b++>+++ DI+(++) D+ G++ e>+++ h-() r-@ !y-
Return to January 1996
Return to “Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>”
1996-01-30 (Wed, 31 Jan 1996 03:05:33 +0800) - Re: FV’s Borenstein discovers keystroke capture programs! - Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>