[48949] in Cypherpunks
Re: Apology and clarification
daemon@ATHENA.MIT.EDU (Dave Del Torto)
Thu Feb 1 21:11:03 1996
Date: Thu, 1 Feb 1996 18:07:25 -0800
To: Nathaniel Borenstein <nsb@nsb.fv.com>
From: Dave Del Torto <ddt@lsd.com>
Cc: cypherpunks@toad.com, Tatu Ylonen <ylo@cs.hut.fi>,
droelke@rdxsunhost.aud.alcatel.com (Daniel R. Oelke),
sameer <sameer@c2.org>, Rich Salz <rsalz@osf.org>,
jpb@miamisci.org (Joe Block), ecarp@netcom.com,
eric@remailer.net (Eric Hughes)
At 1:57 AM 1/30/96, Nathaniel Borenstein wrote:
[explanation of keysniffing intentions elided]
>When you put all four of these together, you have an attack that IS new,
>in the sense that nobody we know of has ever mentioned it before, and
>which could in fact be used by a single criminal, with only a few weeks
[elided]
Nathaniel,
I took your posting in the spirit it was intended, I think, since it was
obviously not directed at a c'punk audience. You may remember, BTW, that I
did some information-gathering on keystroke sniffers early in 94. I, too,
did not feel comfortable spreading the info too widely, however, though
now, to a select audience, it might be timely.
Thanks for pointing out a very valid set of attack parameters, BTW.
>One good
>programmer, in less than a month, can write a program that will spread
>itself around the net, collect an unlimited number of credit card
>numbers, and get them back to the program's author by non-traceable
>mechanisms. Does anyone on this list doubt that this is true?
I do not doubt it for an instant. I even know some Eastern Eudopeans who
might be at it as we speak.
dave
