[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards



Thanks to Sandy Sandfort for bringing this to my attention.

   Date: Mon, 29 Jan 1996 15:07:46 -0500 (EST)
   From: Nathaniel Borenstein <[email protected]>

   As you may already have heard via the popular press, First Virtual
   Holdings has developed and demonstrated a program which completely
   undermines the security of every known credit-card encryption mechanism
   for Internet commerce.

I'm breaking my silence in cypherpunks to respond to what must be the
most self-serving and fatuous expression of "concern" I've seen in a
while.

To wit:  Ohmygod!  PC's don't have perfect integrity!

Will someone please write a filter for common email packages which
automatically removes selected First Virtual transactions from the
confirmation messages?  Encryption isn't the issue, Nathaniel, and you
know it.  Me, I prefer bad faith over stupidity as an explanation for
this latest outpouring.

To all those Internet payment analysts out there:
   Financial institutions are in the business of risk transfer.  If
you don't transfer risk in some form, you're not a financial
institution but rather a service bureau.  Managing endpoint integrity
risk is just one of the kinds of risk an Internet payments provider
has to deal with.  First Virtual has demonstrated time and again that
they're pretty clueless about the whole subject of risk.  As a result,
I don't give them more than about two years longer before they go
belly up.

Eric