[13462] in cryptography@c2.net mail archive


Re: Maybe It's Snake Oil All the Way Down

daemon@ATHENA.MIT.EDU (Bill Frantz)
Fri Jun 6 14:45:34 2003

X-Original-To: cryptography@metzdowd.com
In-Reply-To:
 <Pine.BSO.4.21.0306041054190.14223-100000@anon7.arachelian.com>
Date: Wed, 4 Jun 2003 14:13:22 -0700
To: Sunder <sunder@sunder.net>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: "'cypherpunks'" <cypherpunks@lne.com>, cryptography@metzdowd.com

At 8:07 AM -0700 6/4/03, Sunder wrote:
>Depends on how it gets passed from the web servers to that computer.  If
>it's encrypted with a public key on the web server that only the database
>has the private half, you're safe from someone sniffing that "proprietary
>one-way interface."
>
>However, if someone's already broken into the web server, they can collect
>the cc:'s before they get sent to the secure db.
>
>So if you're an old Amazon customer and don't change your CC >BEFORE<
>someone hacks into their web server, you're safe.
>
>It's certainly better than storing all CC's on the web server.
>
>Now if those CC's are in raw text on the DB end, Amazon is up shit's creek
>if someone walks away with a db dump, backup tape, or whatever.
>
>....
>
>However, this is in a lot of ways MORE secure than handing that waiter or
>store clerk your CC.  Remember that nice yellow slip has your signature,
>CC number and expiration date on it.  Very useful for an attacker.
>In fact, they likely had physical access to the CC and have that extra 3
>digit # on the back too.
>
>...
>
>I feel safer with Amazon's use of my CC than the above, don't you?

Well, I've only ordered from Amazon 2 or 3 times since they've been in
business.  Having my CC on file gives a much longer exposure time than the
brief periods of time it would be "in transit".  So, no, I don't feel much
safer.  The $50 limit on unauthorized charges is what makes me feel safer.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
frantz@pwpconsult.com | American way.          | Los Gatos, CA 95032, USA
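The scheme Sunder describes in the quoted text (card numbers encrypted on
the web server under a public key whose private half exists only on the
database host) is sketched below as an added example.  It is not code from
the original post, from Sunder, or from Amazon; the type and function names
(Envelope, SealCard, OpenCard) are the example's own, the card number is a
constructed test value, and the concrete construction (RSA-OAEP wrapping a
fresh AES-256-GCM key per record) is one reasonable choice, not one the
thread specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the web tier hands across the "one-way interface" to the
// database host: the card number sealed under a fresh AES-256-GCM key, with
// that key wrapped to the database's RSA public key (RSA-OAEP, SHA-256).
// Nothing in here is recoverable without the private key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(per-record AES key)
	Nonce      []byte // GCM nonce, unique per record
	Ciphertext []byte // GCM(card number) with the auth tag appended
}

// SealCard runs on the web server, which is provisioned with only the
// database's public key. Note the limitation Sunder points out: this
// function sees the plaintext, so a web server compromised before the call
// still captures it; the envelope protects only what is already at rest.
func SealCard(dbPub *rsa.PublicKey, pan string) (*Envelope, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Associated data binds the ciphertext to its purpose so a record
	// cannot be replayed as some other field without failing the tag check.
	ct := gcm.Seal(nil, nonce, []byte(pan), []byte("card-number"))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, dbPub, key, []byte("card-key"))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenCard runs on the database host, the only place the private key lives.
// A wrong key, a tampered ciphertext or a malformed envelope all fail closed.
func OpenCard(dbPriv *rsa.PrivateKey, env *Envelope) (string, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, dbPriv, env.WrappedKey, []byte("card-key"))
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	// gcm.Open panics on a wrong-length nonce, so check before calling it.
	if len(env.Nonce) != gcm.NonceSize() {
		return "", errors.New("envelope: bad nonce length")
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte("card-number"))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	// Constructed demo: the database host generates its key pair once and
	// the web server is provisioned with only the public half.
	dbPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample PAN (a widely used Visa test number), not real data.
	env, err := SealCard(&dbPriv.PublicKey, "4111111111111111")
	if err != nil {
		panic(err)
	}
	pan, err := OpenCard(dbPriv, env)
	fmt.Println("database recovered:", pan, err)

	// Someone who walks off with the web server's disk gets envelopes plus a
	// public key. Without the matching private key OpenCard refuses.
	otherPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = OpenCard(otherPriv, env)
	fmt.Println("wrong private key rejected:", err != nil)
}
```

The point of the per-record AES key is that RSA-OAEP alone caps the message
size and gives no integrity; wrapping a symmetric key and using GCM for the
payload gives both, and a database dump, backup tape or web-server image
yields only ciphertext.  It does nothing for the "cc:'s collected before
they get sent" case Sunder raises, which is exactly the gap Bill's reply is
weighing.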



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
