1996-01-30 - More FUD from the Luddites at FV

Header Data

From: cman@communities.com (Douglas Barnes)
To: cypherpunks@toad.com
Message Hash: ac54b261cbe1439dd53f19b20a03441827fec07c8a5fdc915cb3bdb9e6f1d014
Message ID: <v02130501ad330124ebc0@[199.2.22.120]>
Reply To: N/A
UTC Datetime: 1996-01-30 09:26:15 UTC
Raw Date: Tue, 30 Jan 1996 17:26:15 +0800

Raw message

From: cman@communities.com (Douglas Barnes)
Date: Tue, 30 Jan 1996 17:26:15 +0800
To: cypherpunks@toad.com
Subject: More FUD from the Luddites at FV
Message-ID: <v02130501ad330124ebc0@[199.2.22.120]>
MIME-Version: 1.0
Content-Type: text/plain



Once again, FV has decided that it is easier to spread Fear,
Uncertainty and Doubt than innovate. This is part of a continuing
pattern that has been extensively documented in previous threads
on this mailing list.

There are a great many problems with the claims that FV are
making with respect to their souped-up keyboard sniffer; here
is the one I consider to be the clincher:

If I can place any program of my design on a user's machine to
sniff credit cards, I can easily exert total control over all of
the e-mail sent or received from that machine. Since I can
do this, it is now trivially easy to circumvent the "security"
of FV e-mail confirmations.

Furthermore, to do this, all I really need is control over the
network traffic to that user's machine, which in many instances
is going to be easier than placing a program on someone's machine.

I can then set up dummy companies that my "virus" or whatever
will buy "information" from -- some of these might get detected
when user's get their bills, but this hypothetical program might
chose amounts that would disappear into the noise of actual,
legitimate purchases.

Therefore, the real moral of the story is:

DON'T PUT UNTRUSTWORTHY PROGRAMS ON YOUR HARD DISK

--doug

P.S. a good video camera in the right spot, or a telephone
tap of a major mail-order distributor could probably get you
more credit cards, faster, than the FV approach. Credit cards
are fundamentally insecure; typing your CC# into your computer is
no more dangerous than giving it to the minimum-wage clerk
at Denny's. This insecurity is factored into the business model
of the credit card companies -- end users do not pay one dime
for erroneous or fradulent charges that lack a signature along
with a card swipe or imprint.



------                                                             ------
Douglas Barnes         "The tighter you close your fist, Governor Tarkin,
cman@communities.com    the more systems will slip through your fingers."
cman@best.com                                             --Princess Leia







Thread