[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

None

To: [email protected]@toad.com
Subject: None
From: "Mr. Nobody" <[email protected]>
Date: Tue, 30 Jan 1996 04:25:02 -0600
Sender: [email protected]

In article <ad32cd9601021004af4e@[132.162.233.188]> [email protected] (Jonathan Rochkind) writes:
> 3)  I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant.  Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it.  It could be a virus, it could
> send the FV accross the net, whatever.  We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you.  This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.

This sounds like a fatal security flaw in FV's system!  We need to
publicize this fact widely to prevent innocent people from using their
FV accounts from computers or over the network.

Prev by Date: Re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
Next by Date: Re: Opinion piece in NYT; responses needed
Prev by thread: Re: None
Next by thread: Indecency Mathematics
Index(es):
- Date
- Thread