Re: FV's blatant double standards
At 8:18 AM 1/31/96, Rishab Aiyer Ghosh wrote:
>FV demonstrated, through its "card sharp" or whatever, that
>real-time transactions are vulnerable to sniffers on the recipient's
>own machine. Of course. We all knew that. But the mistake is to
>assume that FV isn't _equally_ vulnerable to that threat. If you
>can write a trojan that will somehow get privileged access to my
>machine, trap my keystrokes, and identify my credit card number,
>you can certainly write one that will, sitting on my machine:
> "intercept the user's electronic mail, read the confirmation
> message from First Virtual's computers, and send out a fraudulent
> reply"
>(to quote from Simson's article). Simson further quotes FV's Lee
>Stein: "A single user can be targeted, Stein said, but ''it is very
>difficult. . . . There are too many packets moving . . . to too many
>different machines.''" - which is of course equally true for real-time
>Netscape transactions.
Oh, I think that such a program can be written. However, it would be much
harder to get right, considering all of the different ways that people read
e-mail.
=============
Simson's Schedule:
Feb 2 - Feb 5 - Cambridge: Conference on Freely Redistributable Software
Feb 7 - Feb 13 - Baltimore: American Association for the Advancement of
Science.
Feb. 28 - March 1 - Seybold, Boston.
March 23 - NYC. MacFair.
March 27 - March 30: Cambridge. Computers, Freedom and Privacy.