first virtual "security" (!!) (was Re: Security Flaw Is Discovered In Software Used in Shopping)

[Laurent Demailly <dl@hplyot.obspm.fr>]

Robert Hettinga writes:
 > --- begin forwarded text
[...]
 > Date: Wed, 20 Sep 1995 10:47:24 -0400 (EDT)
 > From: Nathaniel Borenstein <nsb@nsb.fv.com>
 > To: www-buyinfo@allegra.att.com
 > Subject: Re: Security Flaw Is Discovered In Software Used in Shopping
 > 
[...]
 > For information on a safe, non-cryptographic alternative that has been
 > fully operational for nearly a year, with over 30,000 paying customers,
 > a growth rate featuring a six week doubling period, and NO break-ins to
 > date, check out http://www.fv.com.  -- Nathaniel
After some research on the above advertised site : 
"
   If you can talk to FIRST VIRTUAL via electronic mail, and nobody
   else can read or reply to your E-mail, then your E-mail account is
   compatible with FIRST VIRTUAL.
"
Wonderfull, this makes about ***nobody***
Are those folks stupid enough to think that using clear text mail is
something resonnable !!! better use even netscape 1.1 export !
(basically their 'trick' is that you send your CC# by phone, they then
give you an "id" by clear text EMAIL that allows you to shop (you and
all the folks that can intercept your mails) shopping are confirmed by
sending you a clear (!) mail, that you need to answer with "YES" "NO"
or "FRAUD" (!!) very funny system.... I imagine the poor fooled
customer bills...  Probably a lawyer devised te above statement so if
ppl get charged with thing they didn't asked for, fir$t virtual will
answer they were at fault because "someone" can read their mail (even if
the someone is the hacker around FV's mail exchanger...)

dl
--
Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

Legion of Doom Kennedy Qaddafi security break North Korea DST