[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
None
In article <ad32cd9601021004af4e@[132.162.233.188]> [email protected] (Jonathan Rochkind) writes:
> 3) I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant. Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it. It could be a virus, it could
> send the FV accross the net, whatever. We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you. This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.
This sounds like a fatal security flaw in FV's system! We need to
publicize this fact widely to prevent innocent people from using their
FV accounts from computers or over the network.