[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FV's blatant double standards

To: John Pettitt <[email protected]>, [email protected] (Simson L. Garfinkel), [email protected] (Rishab Aiyer Ghosh), [email protected], [email protected]
Subject: Re: FV's blatant double standards
From: "NSB's Portable (via RadioMail)" <[email protected]>
Date: Thu, 8 Feb 1996 06:03:41 -0800
Reply-To: Nathaniel Borenstein <[email protected]> (via RadioMail)
Sender: [email protected]

Once again, you're getting closer, but your approach misfires on machines
used by multiple users -- cybercafes, university computing labs, etc. --
because your algorithm really only verifies that SOMEONE sent a VirtualPIN
from this machine and SOMEONE receives mail back from FV on this machine. 
This will probably cause us to catch a large-scale attack relatively fast. 
And the absolute maximum time to detection is one billing cycle, because
all the fraud will be visibly FV-linked.  In contrast, in the credit card
attack we outlined, the card numbers are stolen cleanly, with no link back
to the attack program.  If it's built right, the only sign it has happened
will be an increase in the overall rate of credit card fraud, with nothing
to point back at the Internet at all.

Prev by Date: Re: Need a "warning" graphic of some kind for CDA
Next by Date: Hypermail & Cypherpunks
Prev by thread: How would an FV attack fail? (was: Re: FV's blatant double standards)
Next by thread: [NOISE] Sound bites re the Zundel German censorship thing (fwd)
Index(es):
- Date
- Thread