[RC5] [ADMIN] DES-II-2 is over...

gindrup at okway.okstate.edu gindrup at okway.okstate.edu
Fri Jul 24 11:26:20 EDT 1998


        The only "issue" with Internet credit card fraud is the automated 
     and speedy way in which it can be done.  One can set up a sniffer to 
     find credit card numbers and then automatically use those numbers to 
     make purchases from a list supplied by the user.
     
        This is *much* scarier than someone having to *physically* 
     collect the number and physically make charges.  Further, if one can 
     crack a number every 2.5 seconds, one only needs to make one charge 
     for a non-round amount per card, which the card-holder can easily 
     challenge and probably get removed from the bill.  It's not as if 
     they have to max the card to get the same illicit revenue.
     
        Sure, physical security of credit card numbers is atrocious, but 
     physically collecting credit card numbers is harder than collecting 
     them from networks.  The "entry cost" of internet credit card fraud 
     is much lower than that for physically mediated fraud.  The 
     immediacy and anonymity of the fraud is also of some concern -- it's 
     hard to determine *who* accessed to your number when there are about 
     150 Million people who *could* have accessed it.
     
        Don't underestimate the danger of internet credit card fraud.  
     Remember that it is easy for people to get your credit card number 
     through both physical and network avenues.  Tear up your carbons and 
     keep them.  Use the best encryption you can.  Don't share "extra" 
     information with an individual asking for your card number that 
     would allow them to impersonate your credit identity (bank account 
     numbers, other credit card numbers, social security numbers, 
     driver's license numbers, et c.).
        Just be suitably careful.
            -- Eric Gindrup ! gindrup at Okway.okstate.edu


______________________________ Reply Separator _________________________________
Subject: RE: [RC5] [ADMIN] DES-II-2 is over... 
Author:  <rc5 at lists.distributed.net> at SMTP
Date:    7/22/98 5:05 PM


On Fri, 17 Jul 1998 14:54:20 -0400, Van Drie, Mathew wrote:
     
>To me, this is really scary. I mean, when d.net cracked DES once, and then 
>again, I didn't think a thing of it. What hacker is going to be able to get 
>20,000 some odd computers together to crack something. But this was one 
>computer! And I'm sure you could get some idot to drop $250,000 for a 
>computer like this. It would pay off for itself within weeks or even days! 
>Think of it: if someone could sniff a credit card transaction and have it 
>cracked within three days, they could max that card out and move on to 
>another one! Don't even get me started on what someone could do if they got 
>their hands on government document and records!
     
Think of it, somebody could go into the trash can at your local gas 
station and grab the dozens of credit card reciepts that are sitting in 
their and max out all of those credit cards ...  Or the nice checkout 
lady at the supermarket could copy your number down after you handed it 
to her ... or the man who takes your order at L.L. Bean ... or even 
somebody could steal your wallet.
     
All of these methods don't cost anything nor a substantial amount of 
time to get a credit card number.
     
One of the most overblown "security" issues of the past few years 
involve the potential pilfering of credit card numbers over the 
internet.  There are *much* easier ways of getting them.
     
-- 
Kelley Cook
     
     
     
     
--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net 
rc5-digest subscribers replace rc5 with rc5-digest
     
     

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list