1996-01-31 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards

Header Data

From: Jeff Weinstein <jsw@netscape.com>
To: Weld Pond <weld@l0pht.com>
Message Hash: 81260b8f546e53064868ba579744fb0b85c738172aaef15e5b69bc7b88c35e81
Message ID: <310DD0D3.6BBF@netscape.com>
Reply To: <Pine.BSD/.3.91.960129170118.14124A-100000@l0pht.com>
UTC Datetime: 1996-01-31 10:14:37 UTC
Raw Date: Wed, 31 Jan 1996 18:14:37 +0800

Raw message

From: Jeff Weinstein <jsw@netscape.com>
Date: Wed, 31 Jan 1996 18:14:37 +0800
To: Weld Pond <weld@l0pht.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.BSD/.3.91.960129170118.14124A-100000@l0pht.com>
Message-ID: <310DD0D3.6BBF@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Weld Pond wrote:
> Programs needing secure entry create a "secure entry field" which is
> really just an imagemap with the digits (and alphas if required) placed
> randomly about.  The user then uses the mouse to click on these numerals.
> Ideally the graphics that represent the numerals would be drawn from a
> random pool and are misformed to thwart any OCR attempts. The graphics
> could be made even more difficult to OCR by mixing in words and pictures
> to represent the numbers.

  The web page could be implemented with JavaScript, which could collect
the keyclicks without any round trips to the server, and just send the
encrypted credit card number.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
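
The scheme discussed in this message, sketched as an added example that is not part of the original thread: digits are laid out in random order, clicks are resolved to digits entirely in the page, and the same click coordinates yield different digits under a different layout. The grid geometry and the names secureRandomInt, shuffledLayout, cellAt and Keypad are assumptions made for illustration; encrypting the collected number before submission is assumed to happen separately.

```javascript
// Added example; all names and the 3-column, 40 px grid are hypothetical.
const COLS = 3, CELL = 40;

// Unbiased integer in [0, n) by rejection sampling on one CSPRNG byte.
function secureRandomInt(n) {
  const buf = new Uint8Array(1);
  const limit = 256 - (256 % n);
  do { globalThis.crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Fisher-Yates shuffle of the digits; layout[i] is the digit drawn in cell i.
function shuffledLayout(randomInt = secureRandomInt) {
  const layout = Array.from({ length: 10 }, (_, d) => String(d));
  for (let i = layout.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [layout[i], layout[j]] = [layout[j], layout[i]];
  }
  return layout;
}

// Map a click position to a cell index, or -1 when it misses the ten cells.
function cellAt(x, y) {
  if (x < 0 || y < 0 || x >= COLS * CELL) return -1;
  const idx = Math.floor(y / CELL) * COLS + Math.floor(x / CELL);
  return idx < 10 ? idx : -1;
}

class Keypad {
  constructor(randomInt = secureRandomInt) {
    this.randomInt = randomInt;
    this.layout = shuffledLayout(randomInt);
    this.digits = '';
  }
  // Record one click locally (no server round trip), then reshuffle so a
  // recorded sequence of coordinates does not map to a fixed set of digits.
  click(x, y) {
    const idx = cellAt(x, y);
    if (idx === -1) return false;
    this.digits += this.layout[idx];
    this.layout = shuffledLayout(this.randomInt);
    return true;
  }
}
```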




