1996-01-30 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: mka@pobox.com (Matts Kallioniemi)
Message Hash: f7a6696068e2d150f80589fd61ef7e064035a139dbc32d9d1d6ac95d20b40439
Message ID: <wl3IFIiMc50eMWY0Nd@nsb.fv.com>
Reply To: <9601292131.AA24346@toad.com>
UTC Datetime: 1996-01-30 03:30:57 UTC
Raw Date: Tue, 30 Jan 1996 11:30:57 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Tue, 30 Jan 1996 11:30:57 +0800
To: mka@pobox.com (Matts Kallioniemi)
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
In-Reply-To: <9601292131.AA24346@toad.com>
Message-ID: <wl3IFIiMc50eMWY0Nd@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 29-Jan-96 Re: FV Demonstrates Fatal F.. Matts
Kallioniemi@pobox. (710*)

> This problem is greatly exaggerated. The software simply won't be running in
> the average user's machine.

> If the program propagates like a virus, it will soon be caught and killed
> by the anti-virus utilities that any responsible user is already running on
> a regular basis.

No need to do it as a virus, unless you count "social attacks" as
viruses.  The IBM Christmas Exec came as plain text email that
*persuaded* the reader to run it.  The average consumer is easily
fooled. "Download this neat program that does X, Y, and Z."  If it
really does those things, you need never suspect that it also planted a
keyboard sniffer.

> If you have to start the program for it to do its magic, then just don't
> start it. Today's computer users should know that running software you don't
> trust is generally a bad idea. That's how you get a virus in the machine in
> the first place...

If your idea of "today's computer users" comes from cypherpunks, you're
living in a dream world.  FV's experience with average Internet users
includes some who ask us not to use complicated "technical terms" like
"cut and paste".  They certainly can't be counted on to know which
software to download and which to avoid.

> Come on Nathaniel, admit it, it's a scam to sell FV's expensive services!

I'm kind of surprised that nobody on this list has realized that this
attack is actually a very good argument for digital cash.  FV is by no
means the only technology that can be made immune to this kind of
attack.  It's just that software encryption of credit card numbers is an
amazingly vulnerable technology.  -- Nathaniel




