[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL challenge and escrows
On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote:
> I think a lot of people miss the distinction between automated message
> cracking and dumpster diving. Dumpster diving is not free. It costs at
> least a dollar each to get credit card slips by dumpster diving.
I think people have been forgetting something else. Getting caught.
If I dive dumpsters, grab receipts from where I work, etc. The chances
of me being caught, or linked to use of the CC#s is much higher than if I
scam them from somewhere on the net, using a cracked account(or several)
on machines all over the world.
Another thought is an un-ethical ISP. They either sniff the SSL
transactions to their web server, or take the numbers from the users
directories. If discovered, they blame it on 'hackers'.
What happens to the SSL encrypted data after received by the server?
Brian
-----------------------------------------------------------------------------
"A little rebellion now and then is a good thing." | PGP Key and .plan
-- President Thomas Jefferson | email Subj: blane-info
=============================================================================