1996-01-30 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards

Header Data

From: Ernest Hua <hua@chromatic.com>
To: zinc <zinc@zifi.genetics.utah.edu>
Message Hash: ceb098267526fd8c011bbac2b2b93dfc92a49ed11336de2d91c736482a7aa4cc
Message ID: <199601300328.TAA13612@chromatic.com>
Reply To: <Pine.LNX.3.91.960129134655.184C-100000@zifi.genetics.utah.edu>
UTC Datetime: 1996-01-30 05:42:11 UTC
Raw Date: Tue, 30 Jan 1996 13:42:11 +0800

Raw message

From: Ernest Hua <hua@chromatic.com>
Date: Tue, 30 Jan 1996 13:42:11 +0800
To: zinc <zinc@zifi.genetics.utah.edu>
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <Pine.LNX.3.91.960129134655.184C-100000@zifi.genetics.utah.edu>
Message-ID: <199601300328.TAA13612@chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain

> so what?  fv has a keyboard sniffer...
> if you're going to d/l programs from the net and not pay attention to 
> what's going on you'll always be at risk and a fool as well.
> for what it's worth, this sort of program could easily be used to get 
> info more important than credit card numbers.  passphrases and 
> passwords of all kinds could be obtained leading to broken accts or 
> worthless cryptography.

I'm quite amazed at the level of ... well ... how can I characterize it
without insulting too many people? ... arrogance? ...

Many of you would be amazed at what motivates the average person to buy
or to use a computer.  Most people, when asked about security, do not
even have a concept, let alone how it applies in a computer environment.

There is far more misinformation and miseducation among the average user
than you might think.  Not everyone understands why they need a modem in
order to get onto the Internet.  Not everyone understands why you need
to sign up for an account with an ISV in order to get onto the Internet.
(You would be amazed at how many people think that just buying a modem
is good enough to get onto the Internet.)

The response is typically, "I don't understand all that technobabble!"
"Just give me something that works!"  "This is too complicated!"

If you think that the dumb user should be left to fight for his/her own
survival on the information highway, you are easily condemning 75% to
90% of the current users.

I am not entirely convinced that Borenstein is totally selfless in his
(or FV's) announcement.  However, the basis of his argument, while it
may not apply to the cypherpunk community, has much merit in the real

Try helping 100 random people with computers.  Bet you 90 of them have
trouble getting onto the Internet, period, let alone figuring how to
run Netscape.  There is a reason why AOL/CompuServe do very well
caterring to those who are technically-challenged.