[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More FUD from the Luddites at FV [pt. 2]



-----BEGIN PGP SIGNED MESSAGE-----

In article <[email protected]>,
Nathaniel Borenstein <[email protected]> wrote:

> Excerpts from mail: 29-Jan-96 More FUD from the Luddites .. Douglas
> Barnes@communiti (3569*)
> 
> > Whether you're a business or an individual, having, say, your
> > hard drive wiped clean by a virus would be several orders of
> > magnitude worse than the relatively minor inconvenience of
> > having to get unauthorized items deleted from your credit card bill.
> 
> For the consumer, absolutely.
> 
> For the bank, having millions of credit cards compromised by a single
> attacker is a more serious risk.

I've read your posts; I believe I understand them, and I believe I
understand how First Virtual and other online payment systems work.

I do not believe that an attack of this nature *can* yield millions of
credit cards -- unless the attacker is Bill Gates or Marc Andreesen
(and they have less risky ways of making lots of money).

The degree to which the attack you describe is a threat to online
commerce depends critically on the degree to which viruses and Trojan
horse programs can propagate through their potential base of platforms. 
Virii *do* propagate, we know, and someone who reads Cypherpunks surely
has the information on hand to say how well they propagate, given
connectivity on the Internet on the one hand and widespread antivirus
software on the other.  My guess is that overall, the infection rate
even by well-known virii such as Michaelangelo, is pretty low.  Only a
fraction of infected machines are going to be used for buying things
over the Internet.

As for Trojan horses, their penetration depends on how widely used they
are.  If one posted PAMELA ANDERSON STRIP POKER!!!1! to
alt.binaries.pictures.erotica, how many copies would be downloaded and
installed?   How many users would also be online shoppers?

The only way millions of credit cards would be at risk would be if the
Trojan horse were installed on millions of Internet-connected machines
 -- it would have to be a very widely used Trojan horse, something as
widely used as Win95, or Netscape.  I believe that a person who can get
that kind of distribution of their software has less risky and more
fruitful ways of making money than stealing credit card numbers.

In short, I believe that the risk to the credit card business of this
attack is *at most* no greater than Xriva Zvgavpx'f (*) hack of 20,000
credit cards from Netcom, and very likely far, far smaller.  "Millions"
is an absurd and dishonest exaggeration.  You should be ashamed of
yourself. 

(*) Overused and overhyped name rot13ed to protect the delicate
sensibilities of the Cypherpunks.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger [email protected] for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQ+8gOVevBgtmhnpAQEuzQL9H8EHegrTdPSAe5nIM9eO9n4+xJR7SUrF
Q1EWVIrM1tMILc02zwI5Qe3AoE0Bj+G7kBkuICZyoTjObm5sVAEF+dMhF25joGXI
ztKwPUr3XLWRrX2PNj+V9zNWZxRHLJK2
=tX+9
-----END PGP SIGNATURE-----