From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
To: cypherpunks@toad.com
Message Hash: a126d2e1a845eeffac2957f803ad702c0634e2a0c0e17e5d4c29aea041a9582a
Message ID: <2.2.32.19960130042632.00966364@area1s220.residence.gatech.edu>
Reply To: N/A
UTC Datetime: 1996-01-31 01:12:08 UTC
Raw Date: Wed, 31 Jan 1996 09:12:08 +0800
From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Wed, 31 Jan 1996 09:12:08 +0800
To: cypherpunks@toad.com
Subject: Re: FV's Borenstein discovers keystroke capture programs! (pictures at 11!)
Message-ID: <2.2.32.19960130042632.00966364@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain
At 04:39 PM 1/29/96 -0500, Nathaniel Borenstein wrote:
>Well, the mis-conceptions are flying fast and furious.
>
>You're twisting our words. We believe it is a truly fatal flaw in those
>internet commerce schemes that are based on software encryption of
>credit card numbers. There are several schemes for Internet commerce
>that are unaffected:
>
> -- First Virtual (of course)
Question: Could you please describe the nature of the First Virtual
protocol? Now before you tell me to RTFM, let me explain.
I assume, although without absolute certainty, that in order to bill me
you must know my credit card number. If you do not know my credit
card number, and depend on someone else who does, you are nothing
more than a middleman who introduces additional possibility for
breach of security. If you do know my credit card number, you must
deal with the associated problem of storing this number. Now perhaps
I am wrong, and you really do keep all of your clients' card numbers
in a printed book hidden within a safe, and for each transaction you
remove the book, use your table to match FV_ID to CC#, process the
transaction, and replace the book. However, I doubt this. More
likely, you store the card numbers on a computer. And no doubt,
someone or something enters those numbers into a database.
You have just violated your own cardinal rule.
Jeremy
---
Jeremy Mineweaser | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
j.mineweaser@ieee.org | L+>++ E-(---) W++ N+ !o-- K+>++ w+(++++) O- M--
| V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
*ai*vr*vx*crypto* | tv(+) b++>+++ DI+(++) D+ G++ e>+++ h-() r-@ !y-
Return to January 1996
Return to “Nathaniel Borenstein <nsb@nsb.fv.com>”