From: Dave Del Torto <ddt@lsd.com>
Date: Sat, 3 Feb 1996 09:34:19 +0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
Subject: Re: Apology and clarification
Message-ID: <v03004906ad35ed798f90@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


At 1:57 AM 1/30/96, Nathaniel Borenstein wrote:

[explanation of keysniffing intentions elided]
>When you put all four of these together, you have an attack that IS new,
>in the sense that nobody we know of has ever mentioned it before, and
>which could in fact be used by a single criminal, with only a few weeks
[elided]

Nathaniel,

I took your posting in the spirit it was intended, I think, since it was
obviously not directed at a c'punk audience. You may remember, BTW, that I
did some information-gathering on keystroke sniffers early in 94. I, too,
did not feel comfortable spreading the info too widely, however, though
now, to a select audience, it might be timely.

Thanks for pointing out a very valid set of attack parameters, BTW.

>One good
>programmer, in less than a month, can write a program that will spread
>itself around the net, collect an unlimited number of credit card
>numbers, and get them back to the program's author by non-traceable
>mechanisms.  Does anyone on this list doubt that this is true?

I do not doubt it for an instant. I even know some Eastern Eudopeans who
might be at it as we speak.

   dave