[Home] [Groups] - Message: [Prev in Group] [Next in Group]

nu.kanga.list.mud-dev

20058: Re: [MUD-Dev] strong encryption for authentication

[Full Header] [Plain Text]
From: "Dave Rickey" <daver@mythicentertainment.com>
Newsgroups: nu.kanga.list.mud-dev
Date: Sun, 15 Jul 2001 14:07:11 -0400
Organization: Kanga.Nu
-----Original Message-----
From: Jon Lambert <tychomud@ix.netcom.com>

> The server is also in the hands of the enemy.  Just take one of
> the compelling reasons for security; to prevent credit card fraud.
> I don't know if this is common knowledge or not, but by far most
> credit card fraud is perpetrated by employees of the vendor
> receiving the card number!


Kevin Mitnick went to jail for possessing 20,000 credit card numbers
he got from CompuServe.  A company I worked at had a database of
over 200,000 CC numbers, along with the expiration dates, names and
addresses of the holders, *and* the records of the transactions they
had engaged in over the previous 3 years.  Even though the
applications I worked on had absolutely no need for those numbers, a
simple SQL query dumped the whole lot into my system, where I could
have done *anything* with them.  And I was there on a 6-month
contract that was actually with one of their business partners and
was on the payroll of yet a third company (a consulting/contracting
outfit), on paper I never worked there at all (or for any of the
companies actually receiving the funds).

Since I'm not currently living a life of luxury in Rio, you can
assume that I didn't do anything with them.  But I easily could
have, such a setup would be a hackers dream and it wasn't unique.
Most security breaches are committed by people with *authorized*
access to the data.

--Dave Rickey

_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev