[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge and escrows

To: "Dr. Frederick B. Cohen" <[email protected]>
Subject: Re: SSL challenge and escrows
From: Brian Lane <[email protected]>
Date: Sat, 19 Aug 1995 10:06:17 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Fri, 18 Aug 1995, Dr. Frederick B. Cohen wrote:

> I think a lot of people miss the distinction between automated message
> cracking and dumpster diving.  Dumpster diving is not free.  It costs at
> least a dollar each to get credit card slips by dumpster diving. 

  I think people have been forgetting something else. Getting caught.

  If I dive dumpsters, grab receipts from where I work, etc. The chances 
of me being caught, or linked to use of the CC#s is much higher than if I 
scam them from somewhere on the net, using a cracked account(or several) 
on machines all over the world.

  Another thought is an un-ethical ISP. They either sniff the SSL 
transactions to their web server, or take the numbers from the users 
directories. If discovered, they blame it on 'hackers'.

  What happens to the SSL encrypted data after received by the server?

    Brian

-----------------------------------------------------------------------------
"A little rebellion now and then is a good thing."   |   PGP Key and .plan
 -- President Thomas Jefferson                       | email Subj: blane-info
=============================================================================

References:
- SSL challenge and escrows
  - From: [email protected] (Dr. Frederick B. Cohen)

Prev by Date: Costs of Credit Card Fraud and Brute-Force Codebreaking
Next by Date: Load-sharing for Key Cracking
Prev by thread: SSL challenge and escrows
Next by thread: PGP encryption for HTML forms
Index(es):
- Date
- Thread