[MUD-Dev] strong encryption for authentication
Dave Rickey
daver at mythicentertainment.com
Sun Jul 15 14:07:11 CEST 2001
-----Original Message-----
From: Jon Lambert <tychomud at ix.netcom.com>
> The server is also in the hands of the enemy. Just take one of
> the compelling reasons for security; to prevent credit card fraud.
> I don't know if this is common knowledge or not, but by far most
> credit card fraud is perpetrated by employees of the vendor
> receiving the card number!
Kevin Mitnick went to jail for possessing 20,000 credit card numbers
he got from CompuServe. A company I worked at had a database of
over 200,000 CC numbers, along with the expiration dates, names and
addresses of the holders, *and* the records of the transactions they
had engaged in over the previous 3 years. Even though the
applications I worked on had absolutely no need for those numbers, a
simple SQL query dumped the whole lot into my system, where I could
have done *anything* with them. And I was there on a 6-month
contract that was actually with one of their business partners and
was on the payroll of yet a third company (a consulting/contracting
outfit), on paper I never worked there at all (or for any of the
companies actually receiving the funds).
Since I'm not currently living a life of luxury in Rio, you can
assume that I didn't do anything with them. But I easily could
have, such a setup would be a hackers dream and it wasn't unique.
Most security breaches are committed by people with *authorized*
access to the data.
--Dave Rickey
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list