From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 00:59:16 +0800
To: jwz@netscape.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601300006.AA15845@sulphur.osf.org>
Message-ID: <Al3XFX6Mc50e5Ir5wC@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Jamie
Zawinski@netscape. (473*)

> I'll bet they could get a patent on it...  There's probably some
> money to be made with that approach.

Actually, I'm pretty sure it was Eric Hughes who said something like
(apologies if I'm misquoting or misremembering) "The most profitable
course of action, for a person who discovers a security hole, is almost
always to keep quiet about it."  It's very easy to see how a criminal
can make money with this approach, but it's much harder to see how a
legitimate business could do so.  We did what we thought was the
responsible thing, and tried to describe it in terms that were also in
our business interest.

Now, if I figure out how to really *solve* this problem, that would be
worth patenting.... :-) -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com