[2836] in WWW Security List Archive


Re: SSL and certificates

daemon@ATHENA.MIT.EDU (Jordyn A. Buchanan)
Thu Aug 29 01:49:20 1996

In-Reply-To: <v03007801ae49654cc0fb@[128.196.190.170]>
Date: Wed, 28 Aug 1996 23:58:19 -0400
To: Jim Ratliff <jim@virtualperfection.com>,
        Michael Brennen <mbrennen@fni.com>
From: "Jordyn A. Buchanan" <jordyn@bestweb.net>
Cc: Www-Security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

At 7:56 PM -0700 8/27/96, Jim Ratliff wrote:
>At 5:24 AM -0700 8/27/96, Michael Brennen wrote:
>>At least one well advertised national Internet mall advertises its secure
>>credit card server -- then turns around and emails the CC to the client
>>unencrypted.  Incredible.  That is the most vulnerable side, as the email
>>sits on a disk for some period of time where it is the most subject to
>>being picked off.  This *is* lulling users into false security, and it is
>>deliberate; I believe they know the security risks involved.
>>
>>With a well designed system, including proper PGP key and passphrase
>>management training to the client, the risks involved can be very greatly
>>reduced so that the risks are almost certainly lower than any other use of
>>CCs.
>
>Michael,
>
>I realize that this is a weak link (getting the CC# from server to
>merchant), but are there well-established alternatives?
>
>E.g. are there versions of PGP that an ISP can install on a UNIX box in a
>simple fashion?

Yes.  PGP has compiled out-of-the-box on all the systems I've tried it on.
There are other alternatives as well:  you could set up a secret key with
the merchant, for example, and simply use triple DES or IDEA on all the
messages you sent them.

>And then what? Do you write as part of the order-taking form-processing cgi
>a call to PGP before SENDMAIL?

That would work fine.  There is also at least one sendmail wrapper
(pgpsendmail) that you could send the message to *instead* of sendmail,
which would also invoke PGP before actually sending the message off.

PGP also works in a pipe mode so it would be possible to simply pipe the
message through PGP on the way to sendmail.

As a side note, though, I'm not sure why Mr. Brennen considers e-mail on a
disk to be more vulnerable to hacking than e-mail in transit.  If disk space
is so easy to break into, presumably the hacker can simply modify the CGI
application so they get a copy of all the credit card information.
Obviously, administrative accounts are usually somewhat better defended
than user accounts, but presumably it's possible to put some protection on
the merchant's accounts as well.

Jordyn

|---------------------------------------------------------------|
|Jordyn A. Buchanan                           jordyn@bestweb.net|
|Bestweb Corporation                      http://www.bestweb.net|
|Senior System Administrator                     +1.914.271.4500|
|---------------------------------------------------------------|
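
The pipe approach described in the message above, as an added example that is not part of the original post: GnuPG stands in for PGP's pipe mode, and the ciphertext is buffered so that a failed encryption never results in mail being sent. `MERCHANT`, the function names and the subject line are assumptions.

```shell
#!/usr/bin/env bash
# Added example: encrypt an order before it reaches the mailer, failing closed.
MERCHANT="merchant@example.com"   # placeholder recipient (assumption)

# Filter: plaintext on stdin, ASCII-armored ciphertext on stdout.
# GnuPG stands in for PGP here; the merchant's public key must already be
# in the keyring of the account the CGI runs as.
encrypt_filter() {
    gpg --batch --armor --encrypt --recipient "$MERCHANT"
}

# Hand a complete message (headers + body) to the local MTA.
deliver() {
    /usr/sbin/sendmail -oi -t
}

# send_order: reads the plaintext order on stdin.
# Returns 0 on success, 1 if no temp file could be created, 2 if encryption
# failed, 3 if the encryptor's output is not an armored PGP message,
# otherwise the mailer's exit status.
send_order() {
    local ct rc=0
    ct=$(umask 077; mktemp) || return 1
    # Encrypt to a private temp file first: a bare "encrypt | sendmail" pipe
    # would still mail whatever came out even if encryption failed.
    if ! encrypt_filter >"$ct"; then
        rm -f "$ct"; return 2
    fi
    # Never mail anything that does not look like ciphertext.
    if ! grep -q '^-----BEGIN PGP MESSAGE-----' "$ct"; then
        rm -f "$ct"; return 3
    fi
    { printf 'To: %s\nSubject: New order\n\n' "$MERCHANT"; cat "$ct"; } \
        | deliver || rc=$?
    rm -f "$ct"
    return "$rc"
}
```

A form-processing CGI would call it as `printf '%s\n' "$order_text" | send_order` and show the customer an error page on any non-zero status.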


