1996-02-01 - Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit

Header Data

From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
To: cypherpunks@toad.com
Message Hash: 5b07c0234ff58c1e0e5bfafb2ef45d8651762d011a96658b48096d47725fc987
Message ID: <mRwHiD104w165w@bwalk.dm.com>
Reply To: <9601300015.AA15891@sulphur.osf.org>
UTC Datetime: 1996-02-01 18:16:15 UTC
Raw Date: Fri, 2 Feb 1996 02:16:15 +0800

Raw message

From: dlv@bwalk.dm.com (Dr. Dimitri Vulis)
Date: Fri, 2 Feb 1996 02:16:15 +0800
To: cypherpunks@toad.com
Subject: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit
In-Reply-To: <9601300015.AA15891@sulphur.osf.org>
Message-ID: <mRwHiD104w165w@bwalk.dm.com>
MIME-Version: 1.0
Content-Type: text/plain

Rich Salz <rsalz@osf.org> writes:
> >There are many ways to spread it besides a virus.  Zillions of 'em.  And
> There are zillions (what, more than one thousand?) ways to get someone
> to run a random piece of software that will capture their keystrokes?
> I don't believe you.  Name six.

I think I'll go on a tangent:

Many, many, many years ago, when I was a little kid, I wrote several "cool"
games that I uploaded to various BBS's. The games kept track of high scores
and saved them in a file. At that time there were a few popular BBS programs
for PC DOS (Fido, PC Board, RBBS, et al) which stored their passwords in
fairly standard locations. When the games saved the high scores, they also
looked in these standard locations. Invariably, when I downloaded the same
games a few days later, I would discover that the BBS's sysops played the
game, and made the archive with their high scores available for downloading.

ObCrypto: the high scores were encrypted together with the shell passwords.


Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps