>This makes no sense whatsoever. Credit card numbers are *universally* >encrypted; of course there's no interception of them.
There's a fair amount of low-level ecommerce by e-mail. They don't seem to be intercepted there, either. >In 1993, there was interception of passwords on the Internet. This strikes me as another example of "make your password totally obscure and change it every week", advice that was specific to a long ago environment that's been passed along as received wisdom. In the early 1990s there was still a fair amount of coax Ethernet, and twisted pair was usually connected to hubs rather than switches, so it was easy for a bad guy on your network or intermediate networks to snoop on the traffic. These days, the only shared media are hotel and coffee shop wifi. While we've certainly seen evidence that bad guys snoop on open wifi, it's not my impression that they're particularly looking for credit cards, more often passwords to accounts they can steal. The price of stolen credit cards in the underground economy is very low, so there's no point. The chokepoint to using stolen cards isn't getting the card numbers, it's to find cashers or money mules. So while I agree that it's a good idea in general to encrypt your traffic, I don't see any evidence that card numbers are at particular risk. R's, John _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
