Re: FV's blatant double standards



Once again, you're getting closer, but your approach misfires on machines
used by multiple users -- cybercafes, university computing labs, etc. --
because your algorithm really only verifies that SOMEONE sent a VirtualPIN
from this machine and SOMEONE receives mail back from FV on this machine. 
This will probably cause us to catch a large-scale attack relatively fast. 
And the absolute maximum time to detection is one billing cycle, because
all the fraud will be visibly FV-linked.  In contrast, in the credit card
attack we outlined, the card numbers are stolen cleanly, with no link back
to the attack program.  If it's built right, the only sign it has happened
will be an increase in the overall rate of credit card fraud, with nothing
to point back at the Internet at all.