1996-02-08 - Re: FV’s blatant double standards

Header Data

From: “NSB’s Portable (via RadioMail)” <nsb@radiomail.net>
To: John Pettitt <nit@chron.com
Message Hash: 2d21e31b29c29eb29516934dd63f21e407a81d61b1170e817e6f3bbbe4d5c385
Message ID: <RM:c0d83d13.000dd04d.0>
Reply To: N/A
UTC Datetime: 1996-02-08 14:20:16 UTC
Raw Date: Thu, 8 Feb 1996 22:20:16 +0800

Raw message

From: "NSB's Portable (via RadioMail)" <nsb@radiomail.net>
Date: Thu, 8 Feb 1996 22:20:16 +0800
To: John Pettitt <nit@chron.com
Subject: Re: FV's blatant double standards
Message-ID: <RM:c0d83d13.000dd04d.0>
MIME-Version: 1.0
Content-Type: text/plain


Once again, you're getting closer, but your approach misfires on machines
used by multiple users -- cybercafes, university computing labs, etc. --
because your algorithm really only verifies that SOMEONE sent a VirtualPIN
from this machine and SOMEONE receives mail back from FV on this machine. 
This will probably cause us to catch a large-scale attack relatively fast. 
And the absolute maximum time to detection is one billing cycle, because
all the fraud will be visibly FV-linked.  In contrast, in the credit card
attack we outlined, the card numbers are stolen cleanly, with no link back
to the attack program.  If it's built right, the only sign it has happened
will be an increase in the overall rate of credit card fraud, with nothing
to point back at the Internet at all.




