1996-01-30 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: jwz@netscape.com>
Message Hash: 9422417359f5c8c25ef864efc4bc329211ed0ad3db5118bcd02fbe439be9d2a6
Message ID: <Al3XFX6Mc50e5Ir5wC@nsb.fv.com>
Reply To: <9601300006.AA15845@sulphur.osf.org>
UTC Datetime: 1996-01-30 16:59:16 UTC
Raw Date: Wed, 31 Jan 1996 00:59:16 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 00:59:16 +0800
To: jwz@netscape.com>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601300006.AA15845@sulphur.osf.org>
Message-ID: <Al3XFX6Mc50e5Ir5wC@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Jamie
Zawinski@netscape. (473*)

> I'll bet they could get a patent on it...  There's probably some
> money to be made with that approach.

Actually, I'm pretty sure it was Eric Hughes who said something like
(apologies if I'm misquoting or misremembering) "The most profitable
course of action, for a person who discovers a security hole, is almost
always to keep quiet about it."  It's very easy to see how a criminal
can make money with this approach, but it's much harder to see how a
legitimate business could do so.  We did what we thought was the
responsible thing, and tried to describe it in terms that were also in
our business interest.

Now, if I figure out how to really *solve* this problem, that would be
worth patenting.... :-) -- NB
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com





Thread