On Sun, Mar 25, 2001 at 09:30:48AM +0530, did Raju Mathur write:
> Here's a short HOWTO on using CC's securely on the 'net.
<snip>
> 1. Forget about SSL. It doesn't matter. Really. If the people
> sitting on the VSNL routers are smart enough to pick up your CC number
> from your data stream, give them a large hand -- they're pretty
> low-paid anyway and they deserve it.
I disagree that SSL & Co. are eyewash. Before transport layer security CC
numbers could have easily been picked by sniffing packets. It is because
of the fact that SSL is very secure that this particular way of picking CC
numbers has almost gone out of existence.
You are correct in saying that there are easier ways of cracking CC
numbers. The key word here is easier. Cracking into a website and picking
CC numbers is *easier* because cracking SSL is very difficult.
> 3. telnet ip.of.vendor.system 80
> HEAD / HTTP/1.0
>
> If the response string contains ``IIS'', don't send your CC number.
Heh.
Thaths
--
pub 1024R/9B7FE6BD 1998-03-25 Sudhakar Chandrasekharan <[EMAIL PROTECTED]>
Key fingerprint = 8A 84 2E 67 10 9A 64 03 24 38 B6 AB 1B 6E 8C E4
uid Sudhakar Chandrasekharan <[EMAIL PROTECTED]>
----------------------------------------------
An alpha version of a web based tool to manage
your subscription with this mailing list is at
http://lists.linux-india.org/cgi-bin/mj_wwwusr
