[48553] in Cypherpunks
re: FV Demonstrates Fatal Flaw in Software Encryption of Credit Cards
daemon@ATHENA.MIT.EDU (Eric Hughes)
Mon Jan 29 20:12:40 1996
Date: Mon, 29 Jan 1996 15:24:54 -0800
To: cypherpunks@toad.com
From: eric@remailer.net (Eric Hughes)
Thanks to Sandy Sandfort for bringing this to my attention.
Date: Mon, 29 Jan 1996 15:07:46 -0500 (EST)
From: Nathaniel Borenstein <nsb@nsb.fv.com>
As you may already have heard via the popular press, First Virtual
Holdings has developed and demonstrated a program which completely
undermines the security of every known credit-card encryption mechanism
for Internet commerce.
I'm breaking my silence in cypherpunks to respond to what must be the
most self-serving and fatuous expression of "concern" I've seen in a
while.
To wit: Ohmygod! PC's don't have perfect integrity!
Will someone please write a filter for common email packages which
automatically removes selected First Virtual transactions from the
confirmation messages? Encryption isn't the issue, Nathaniel, and you
know it. Me, I prefer bad faith over stupidity as an explanation for
this latest outpouring.
To all those Internet payment analysts out there:
Financial institutions are in the business of risk transfer. If
you don't transfer risk in some form, you're not a financial
institution but rather a service bureau. Managing endpoint integrity
risk is just one of the kinds of risk an Internet payments provider
has to deal with. First Virtual has demonstrated time and again that
they're pretty clueless about the whole subject of risk. As a result,
I don't give them more than about two years longer before they go
belly up.
Eric
