[49086] in Cypherpunks
Re: FV's Borenstein discovers keystroke capture programs!
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Feb 3 04:56:28 1996
Date: Sat, 03 Feb 1996 01:52:17 -0800
To: cypherpunks@toad.com
From: Bill Stewart <stewarts@ix.netcom.com>
At 09:24 AM 1/30/96 -0500, Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
>> But I just can't believe that he thinks that
>the telephone is more secure on average than a keyboard.
>
>We have a few pages of C code that scan everything you type on a
>keyboard, and selects only the credit card numbers. How easy is that to
>do with credit card numbers spoken over a telephone?
>The key is large-scale automated attacks, not one-time interceptions.
Speaker-independent recognition of digits is a done deal.
For large-scale automated attacks, you obviously don't wiretap the customer;
you hire The Dread Pirate Mitnick* to wiretap the 800 number for the
Home Shopping Channel, and hoover down the CC numbers of a large
number of known frequent-shopping cardholders. (Actually, hitting on them
might be a bit tough, since they've presumably got direct T1s or T3s from
one or more carriers, which are harder to tap than the average residence line.)
(*Not the original Kevin "Dread Pirate" Mitnick, who's retired,
but Fred Bargle, who's got the current Dread Pirate Mitnick franchise.... :-)
#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
# http://www.idiom.com/~wcs
