[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL challenge -- broken !


Joe Buck <[email protected]> wrote:


>Yes, it's true that {fraud} contributes to high interest rates (though
>defaults cost more than fraud).

Sometimes there's little difference.


>> They only *sometimes* find the person/loot.
>Doesn't matter, this is a disincentive to theft and you are never liable
>unless you lost your physical card.

I was referring to my previous point, whether or not you're
*individually* liable, "somebody" always pays.


>It would cost billions to get every single merchant that accepts credit
>cards set up with PIN equipment.

Agreed. Fraud/defaults cost billions too, the billions I propose
spending would be a one-time, rather than yearly, cost.

>> Why not PIN numbers.


>You have to make sure the clerk that gets your order doesn't see the
>PIN (so you need a secure path between you and your credit card co.
>that avoids the merchant).

I was thinking of some piece of hardware the clerk could hand you,
but "shoulder surfing," by the clerk or by other customers, will
always be possible, just as with ATMs or phonecards.
My idea isn't perfect, just better than the present reality, IMO.

>And what about the tellers?  Do you know
>how badly they are treated?  They can get all those #'s.  Yes, it
>can be done: ATMs are set up that way.  But as long as it's not done,
>those who scream at the horrors of sending credit card #'s over the
>net aren't thinking clearly.
>Never forget that social engineering is the easiest hack.  Technical
>solutions that ignore wide-open social engineering paths are worse
>than useless (worse because they give an illusion of security).

Agreed. My idea *is* imperfect. Social engineering works well.
I just don't want to let the great be the enemy of the good,
and the credit card fraud situation now is intolerable.

Version: 2.6.2
Comment: Freedom isn't Freeh

Regards, Jim Ray

"The important thing is not to stop questioning. Curiosity has its
own reason for existing. One cannot help but be in awe when he
contemplates the mysteries of eternity, of life, of the marvelous
structures of reality. It is enough if one merely tries to comprehend
a little of this mystery every day. Never lose a holy curiosity."
 -- Albert Einstein
PGP key Fingerprint  51 5D A2 C3 92 2C 56 BE  53 2D 9C A1 B3 50 C9 C8 
Key id. #  E9BD6D35
Support the Phil Zimmermann (Author of PGP) Legal Defense Fund! 
email:  [email protected] or visit http://www.netresponse.com/zldf