[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge -- broken !


Joe Buck writes:


>Your credit card number, expiration date, etc, are continually being
>revealed to minimum-wage clerks all the time, unless you never use the
>card.  A chain is only as strong as its weakest link; it makes no sense to
>buy an expensive lock when your door has a big enough opening to climb
>through.  Should some bad person get hold of your card number and misuse
>it, you're not out any money: 

I'm not so sure....Checked the fees/interest lately?
"There ain't no such thing as a free credit card theft."
[Apologies to Milton & Rose Friedman.] ;)

>you just tell the card company "I didn't buy
>that".  Since there's so much tracing in the system, if you buy a physical
>something with a stolen credit card number it can usually be traced to you
>(who'd they ship the package to?).  

They only *sometimes* find the person/loot.

>It's not clear to me that *any*
>encryption is really essential if the only purpose is to protect credit
>card #'s from snoopers.

OK, but I had an idea a number of years ago. It's not too new,
either, and considering the BILLION$ in credit-card fraud, I think
the credit card companies could implement it with little trouble at
every site the cards are used. Why not PIN numbers. Banks and their
customers are already used to them, they could be entered over the
phone (I know, not too secure) or in person, and considering the
dollar ammount of the current fraud, they would be cheap (I think).
[There is probably a flaw in my idea, but I haven't found it.]


>Q: Of the 20,000 credit card #'s stolen from Netcom's computer, how many
>were used to buy things?  Answer: not sure, but expect the answer is "zero".

Probably so, but imagine being a Netcom customer 
(or a Netcom stockholder).
Not all of the costs of crime are monetary.

Version: 2.6.2
Comment: Freedom isn't Freeh

Regards, Jim Ray

Don't investigate Mena, Arkansas and contra-coke. 
Embarrassment is a threat to national security...
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Key id. #  E9BD6D35
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! 
email:  [email protected] or visit http://www.netresponse.com/zldf