[48619] in Cypherpunks
None
daemon@ATHENA.MIT.EDU (Mr. Nobody)
Tue Jan 30 05:29:21 1996
Date: Tue, 30 Jan 1996 04:25:02 -0600
To: jrochkin@cs.oberlin.edu.cypherpunks@toad.com
From: "Mr. Nobody" <mixmaster@anon.alias.net>
In article <ad32cd9601021004af4e@[132.162.233.188]> jrochkin@cs.oberlin.edu (Jonathan Rochkind) writes:
> 3) I believe that FV works by assigning the user some sort of id number.
> They send the id accross the net, FV has a database with "FV-ID" <->
> credit-card-number correspondences, the merchant sends FV the id, FV bills
> your card and pays the merchant. Now, if I'm correct about how FV works,
> we could clearly write a program that searches your HD for FVs data files,
> extracts your FV-ID from it, and steals it. It could be a virus, it could
> send the FV accross the net, whatever. We could then use your FV-ID to
> make fraudulently make purchases through the FV system that would be billed
> to you. This is essentially the same attack as FV "demonstrates" against
> software encrypted credit cards over the net: that is, the "You have an
> insecure system and if we can put evil software on it, we can get you."
> attack.
This sounds like a fatal security flaw in FV's system! We need to
publicize this fact widely to prevent innocent people from using their
FV accounts from computers or over the network.
