On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:
----- Original Message ----- From: "J. Bruce Fields"
<[EMAIL PROTECTED]>
Subject: Re: Creativity and security
On Fri, Mar 24, 2006 at 06:47:07PM -0000, Dave Korn wrote:
IOW, unless we're talking about a corrupt employee with a
photographic
memory and telescopic eyes,
Tiny cameras are pretty cheap these days, aren't they? The employee
would be taking more of a risk at that point though, I guess.
The one I find scarier is the US restaurant method of handling
cards. For those of you unfamiliar with it, I hand my card to the
waiter/waitress, the card disappears behind a wall for a couple of
minutes, and my receipt comes back for to sign along with my card.
Just to see if anyone would notice I actually did this experiment
with a (trusted) friend that works at a small upscale restaurant. I
ate, she took my card in the back, without hiding anything or
saying what she was doing she took out her cellphone, snapped a
picture, then processes everything as usual. The transaction did
not take noticably longer than usual, the picture was very clear,
in short, if I hadn't known she was doing this back there I would
never have known. Even at a high end restaurant where there are
more employees than clients no one paid enough attention in the
back to notice this. If it wasn't a trusted friend doing this I
would've been very worried.
Joe
Heh, that's marvelous.
I touched briefly on the awfulness of restaurant payment protocols in my
2004 paper from the Cambridge Protocols Workshop, which you may enjoy:
M. Blaze. "Toward a broader view of security protocols."
12th Cambridge International Workshop on Security Protocols.
Cambridge, UK. April 2004.
http://www.crypto.com/papers/humancambridgepreproc.pdf
-matt
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]