Re: One time encryption

2008-09-19 Thread Jens Franik

On Monday, 15 September 2008 at 22:23, Jack S. LaRosa wrote:

 I need to send credit card info to a vendor in payment for a part yet
 to be shipped. Is there an easy way to encrypt the info so it can't be
 read if it's intercepted in transit and yet *can* be read by the
 recipient? Or am I worrying about nothing?

I would also worry about sending Credit Card Info in Plain Text ;-)

As you were already told, a fax could be an alternative.

If you both (sender/recipient) have Windows, you might try
Free Portable Encryption/Decryption Software - PicoCrypt
(http://www.picofactory.com/download/free/software/encryption_decryption/picocrypt)
2008/09/19 16:44:19
--
PicoCrypt - Encryption/Decryption Software (free)
Description
It is a small and extremely fast encryption utility that uses Blowfish
encryption algorithm in CBC mode. It is easy to use and support multiple
files drag-and-drop. In addition, it is portable, you can put it on your
USB memory stick and run it anywhere you go! Very useful for users who
want to keep their document secure on their computer or transfer over
Internet using unsecure channel.
It uses a 128-bits key that is the MD5 message-digest of user password

Or, if you have different Operating Systems, I found some Shareware
CryptoHeaven for Java(tm) Website
http://www.cryptoheaven.com
Version: 2.2
Size: 1955 KB
Downloads: 55
Price: $29.00
Licence: Shareware

If your Recipient has a PGP/GPG Public Key, you could also encrypt a
Textfile (Attached) which only he can open with his private Key.

-- 
Kind regards
Jens Franik
mailto:[EMAIL PROTECTED]
Picture of me? X-Rogue http://www.de2all.de/Kr_bat.jpg
The Bat! 4.0.34.6  AntiSpamSniper 3.0.0.9
Windows 2000 5.0
build 2195 Service Pack 4




Current version is 4.0.24.0 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
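
The PicoCrypt description quoted in the message above says the 128-bit key is the MD5 digest of the user's password. The following added example (not part of the thread and not PicoCrypt's code) covers the key-derivation step only: the unsalted MD5 construction next to a salted PBKDF2 derivation whose parameters travel in a small header. The header layout, the `MAGIC` tag, the iteration bounds and all function names are assumptions made for illustration.

```python
import hashlib
import os
import struct

MAGIC = b"KDF1"                      # hypothetical tag identifying this header layout
HEADER = struct.Struct(">4sI16s")    # magic, iteration count, 16-byte salt (24 bytes)
MIN_ITERATIONS = 100_000             # assumed floor; weaker parameters are refused
MAX_ITERATIONS = 10_000_000          # assumed ceiling; avoids absurd work on bad input
KEY_LEN = 16                         # 128-bit key, as in the quoted description


def md5_key(password: str) -> bytes:
    """Key as the quoted description states it: MD5 of the password, no salt."""
    return hashlib.md5(password.encode("utf-8")).digest()


def new_header(iterations: int = 200_000) -> bytes:
    """Create per-file KDF parameters with a fresh random salt."""
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside the accepted range")
    return HEADER.pack(MAGIC, iterations, os.urandom(16))


def parse_header(header: bytes) -> tuple[int, bytes]:
    """Validate a received header and return (iterations, salt)."""
    if len(header) != HEADER.size:
        raise ValueError("header has the wrong length")
    magic, iterations, salt = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("unknown header tag")
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        # Refuse parameters too weak to slow down password guessing.
        raise ValueError("iteration count outside the accepted range")
    return iterations, salt


def salted_key(password: str, header: bytes) -> bytes:
    """Derive the 128-bit key with PBKDF2-HMAC-SHA256 from the header's parameters."""
    iterations, salt = parse_header(header)
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


if __name__ == "__main__":
    password = "correct horse"       # constructed sample password

    # Unsalted MD5: every file protected with this password gets the same key,
    # and one MD5 call per guess is all a password-guessing run has to pay.
    print("md5, file A:   ", md5_key(password).hex())
    print("md5, file B:   ", md5_key(password).hex())

    # Salted PBKDF2: each file carries its own header, so keys differ per file
    # and every guess costs the full iteration count.
    header_a, header_b = new_header(), new_header()
    print("pbkdf2, file A:", salted_key(password, header_a).hex())
    print("pbkdf2, file B:", salted_key(password, header_b).hex())

    # The recipient reads the header from the file and re-derives the same key.
    assert salted_key(password, header_a) == salted_key(password, header_a)
```

Because the header format is fully specified, any independent implementation can re-derive the key, which is the property the reply about open standards asks for.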


Re: One time encryption

2008-09-19 Thread Jernej Simončič
On Friday, September 19, 2008, 16:50:43, Jens Franik wrote:

 Licence: Shareware

You should always be wary of security programs that don't use open
encryption standards (this doesn't just mean that the program uses eg.
AES algorithm for encryption, but that you can use another open-source
program to decrypt the files produced by such software), because
otherwise you can never know what kind of backdoors there are in the
program (not necessarily intentional - the backdoor may be there
simply because there are weaknesses that the original authors didn't
think about when they were designing the program).

-- 
 Jernej Simončič  http://eternallybored.org/ 

Ideal goals grow faster than the means of attaining new goals allow.
   -- Wober's SNIDE Rule (Satisfied Needs Incite Demand Excesses)




Re: One time encryption

2008-09-19 Thread Jens Franik

On Friday, 19 September 2008 at 18:43, Jernej Simončič wrote:


 On Friday, September 19, 2008, 16:50:43, Jens Franik wrote:
 Licence: Shareware

 You should always be wary of security programs that don't use open
 encryption standards

You are right!

-- 
Kind regards
Jens Franik
mailto:[EMAIL PROTECTED]
Picture of me? X-Rogue http://www.de2all.de/Kr_bat.jpg
The Bat! 4.0.34.6  AntiSpamSniper 3.0.0.9
Windows 2000 5.0
build 2195 Service Pack 4





Re[2]: One time encryption

2008-09-18 Thread Dan Lester
Wednesday, September 17, 2008, 4:15:40 PM, you wrote:

 Hi

 On Wednesday 17 September 2008 at 8:13:23 PM, in
 mid:[EMAIL PROTECTED], Dan Lester wrote:

 When they write the check they cross out the phone number on it

 Phone number? On a cheque?

Most US banks put it on by default.  In the past, at least, stores
would always ask for it when you wrote the check and they checked your
drivers license.  As noted, these days the checks are generally
scanned and confirmed electronically, much like your credit/debit card
is.  I'm sure the checks in question had been ordered several years
before they were used.  Since I don't write the few checks I'm not
sure if our current ones have phone or not.

dan

-- 
The road goes on forever and the party never ends. REK, Jr. 
Dan Lester, Boise, ID  






Re: One time encryption

2008-09-18 Thread MFPA
Hi

On Thursday 18 September 2008 at 1:46:19 PM, in
mid:[EMAIL PROTECTED], Dan Lester wrote:


 Phone number? On a cheque?

 Most US banks put it on by default.

Fair enough. We don't get that in the UK. My phone number is private
and not the bank's or the payee's business unless I decide otherwise.

 In the past, at least, stores would always ask for it when you wrote
 the check and they checked your drivers license.

If they accepted cheques larger than your cheque guarantee limit they
would often ask for your address over here, rarely phone number. One
bank I know of used to print the customer's address on their cheques
but had to stop this nearly 20 years ago.

 As noted, these days the checks are generally scanned and confirmed
 electronically, much like your credit/debit card is.

To me, that would defeat the object of paying by cheque. If the money
is in your account today, it is quicker and easier to pay by card. If
it will be there in a day or two, the cheque used today will hit your
account after the money gets there.

  I'm sure the checks in question had been ordered several years
 before they were used.

I used to be like that - the banks automatically send a new chequebook
from time to time and you end up with lots of them.

 I'm not sure if our current ones have phone or not.

If people change mobile phone numbers as frequently there as here, it
would never be up to date. I'm sure few people would give the bank a new
phone number to harass them on.

This is getting way off-topic.

-- 
Best regards,
 
MFPA

No matter where you go, there you are.

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re[2]: One time encryption

2008-09-18 Thread Dan Lester
My last msg in this thread, comments below as required.

Thursday, September 18, 2008, 7:36:43 AM, you wrote:

 Most US banks put it on by default.

 Fair enough. We don't get that in the UK. My phone number is private
 and not the bank's or the payee's business unless I decide otherwise.

Of course for most of us, it is public in the phone book anyway,
unless we pay them the fee to keep it private.

 In the past, at least, stores would always ask for it when you wrote
 the check and they checked your drivers license.

 If they accepted cheques larger than your cheque guarantee limit they
 would often ask for your address over here, rarely phone number. One
 bank I know of used to print the customer's address on their cheques
 but had to stop this nearly 20 years ago.

Most in US don't have check guarantees, though they do have overdraft
protection (i.e. the bank will automatically lend you the money in
hundred dollar increments, up to some predefined limit).

 As noted, these days the checks are generally scanned and confirmed
 electronically, much like your credit/debit card is.

 To me, that would defeat the object of paying by cheque. If the money
 is in your account today, it is quicker and easier to pay by card. If
 it will be there in a day or two, the cheque used today will hit your
 account after the money gets there.

Basically, they're eliminating the float, which makes sense to them.
But in most grocery stores and such, there is no float.  But you can
always pay by credit card if you need to float it.

  I'm sure the checks in question had been ordered several years
 before they were used.

 I used to be like that - the banks automatically send a new chequebook
 from time to time and you end up with lots of them.

Checks here are never free.  You can buy them from the bank, but many
companies will sell them to you at a much lower rate per check.

 I'm not sure if our current ones have phone or not.

 If people change mobile phone numbers as frequently there as here, it
 would never be up to date. I'm sure few people would give the bank a new
 phone number to harass them on.

True enough. And those aren't listed in phone book.

One of the nice things now is the ability to keep the same phone
number forever, whether cell, wired, changing cell companies, etc.  I
recently changed cell providers and kept the same number.  Would have
been a major problem if I didn't keep it, due to so many business
records being keyed to it.

As noted, my final public reply on this getting-off-topic thread, but
will be happy to discuss with anyone who cares by private email.

-- 
The road goes on forever and the party never ends. REK, Jr. 
Dan Lester, Boise, ID  






Re: One time encryption

2008-09-18 Thread Thomas Fernandez
Hello Jernej,

On Wed, 17 Sep 2008 22:19:08 +0200 GMT (18/09/2008, 03:19 +0700 GMT),
Jernej Simončič wrote:

 True. But the eavesdropper needs to have physical access to the
 appropriate cable at least once, while email can be hacked remotely.

JS Which is much easier to get than you imagine - most buildings have the
JS phone exchange somewhere in the basement, and it's usually not hard to
JS get to it. Then you just need to tap the appropriate line (which is
JS harder if you don't know the line number in advance, as these places
JS often have several hundred lines going through).

Yes, anything is possible for a dedicated criminal or legal agency. My
point was the physical access, which means somebody has to be there.
With hacking on the internet, the criminal can be anywhere in the
world.

JS Anyway, e-mail is not a secure way to transfer credit card details,
JS unless you encrypt it with the recipient's certificate.

JS The point I was trying to make is that most retailers that have online
JS shops usually have a single database for orders, so it doesn't matter
JS in what way you get your credit card details to them - it'll end up in
JS the same place anyway. And this is the database that must be kept
JS secure (and practically the only source from which an attacker could
JS gain the card number from - all major breaches so far happened because
JS this database wasn't secured properly).

We agree on this.

 For the technology yes. However, I would believe that the number of
 hackers connecting their fax machines (or software equivalent) to
 other people's phone/fax lines is less than those intercepting IP
 traffic remotely. That's just a guess, I have no figures.

JS You can't intercept IP traffic that doesn't pass through a system
JS under your control.

But then, a dedicated criminal can bring a system under his control
from anywhere in the world. Maybe he can just spy out the password
that opens the information to him.

Are we moving in circles yet? ;-)

-- 

Cheers,
Thomas.

My husband and I divorced over religious differences. He thought he
was God and I didn't.
http://thomas.fernandez.hat-gar-keine-homepage.de/

Message reply created with The Bat! 4.0.28.4
under Windows XP 5.1 Build 2600 Service Pack 2








Re: One time encryption

2008-09-18 Thread Gene Brown
On Thursday, September 18, 2008, 12:37:05 PM, you wrote:

 Yes, anything is possible for a dedicated criminal or legal agency. My
 point was the physical access, which means somebody has to be there.
 With hacking on the internet, the criminal can be anywhere in the
 world.

Sure, but is it worth worrying about? Y' know, I'm just a guy. I
have a credit card I sometimes use online, have some mostly boring
email, and visit mainly innocuous web sites. For the most part, it
would be more trouble than it's worth for someone to go after this
stuff.

It's not like I'm the governor of Alaska or something.

--
Running The Bat! version 4.0.24 under Windows XP





Re: One time encryption

2008-09-18 Thread Thomas Fernandez
Hello Gene,

On Thu, 18 Sep 2008 16:31:07 -0400 GMT (19/09/2008, 03:31 +0700 GMT),
Gene Brown wrote:

 Yes, anything is possible for a dedicated criminal or legal agency. My
 point was the physical access, which means somebody has to be there.
 With hacking on the internet, the criminal can be anywhere in the
 world.

GB Sure, but is it worth worrying about? Y' know, I'm just a guy. I
GB have a credit card I sometimes use online, have some mostly boring
GB email, and visit mainly innocuous web sites. For the most part, it
GB would be more trouble than it's worth for someone to go after this
GB stuff.

Stealing credit card information is a million-dollar business.
However, even in that business they try to be efficient. It is much
more efficient to steal this information while being online than
having to physically go to tap every fax cable.

GB It's not like I'm the governor of Alaska or something.

;-)

-- 

Cheers,
Thomas.

When a clock is hungry, it goes back four seconds.
http://thomas.fernandez.hat-gar-keine-homepage.de/

Message reply created with The Bat! 4.0.28.4
under Windows XP 5.1 Build 2600 Service Pack 2








Re: One time encryption

2008-09-18 Thread Gene Brown
On Thursday, September 18, 2008, 8:45:11 PM, you wrote:

 Stealing credit card information is a million-dollar business.
 However, even in that business they try to be efficient. It is much
 more efficient to steal this information while being online than
 having to physically go to tap every fax cable.

Of course that's all true. I'm not disputing any of that. There is a
risk of online information being stolen. It's just not something I'm
going to put much energy into worrying about.

There are other smarter and more competent (and more paranoid)
people out there who do worry about these things, and I'm grateful
for that. I like to think that I generally understand the risks and
that I'm reasonably prudent in how I exchange information. I'm glad
there are secure transmission protocols, encryption mechanisms,
trusted sites and all kinds of other things in place so I don't have
to worry about it.

--
Running The Bat! version 4.0.24 under Windows XP





Re[2]: One time encryption

2008-09-17 Thread Dan Lester
Monday, September 15, 2008, 6:53:21 PM, you wrote:

 Is the internet really any riskier than how I use the card every
 day?

Actually the internet is much safer.  As you point out, you give the
card to all sorts of people.  And then there are the people you give
it to on the phone...and on and on.

As a side note, but an important one, DO NOT PUT YOUR MAIL IN A BOX IN
FRONT OF YOUR HOUSE for the letter carrier to pick up.  Your mail can
be taken by a crook and your identity and/or money stolen.  I know.
They took outgoing mail containing five checks on two banks.  All were
washed chemically and rewritten for their own benefit.  It took about
3 days of my life to sort it out with police, banks, those who didn't
get paid, etc.

Always put your mail in an official mailbox at the post office or
elsewhere.

dan



-- 
The road goes on forever and the party never ends. REK, Jr. 
Dan Lester, Boise, ID  






Re: One time encryption

2008-09-17 Thread Jernej Simončič
On Wednesday, September 17, 2008, 17:05:59, Dan Lester wrote:

 As a side note, but an important one, DO NOT PUT YOUR MAIL IN A BOX IN
 FRONT OF YOUR HOUSE for the letter carrier to pick up.  Your mail can
 be taken by a crook and your identity and/or money stolen.

You mean your own postbox or ...? The only way to send mail here is to
drop it either in a yellow postbox (there's enough of them around the
city), or to drop it off directly at post. The mailboxes on houses are
all locked, so the postman can drop the mail in, but it's hard to get
out without the key (assuming the owner didn't leave it unlocked,
which usually isn't the case).

 I know.
 They took outgoing mail containing five checks on two banks.

Checks? How long ago was this?

-- 
 Jernej Simončič  http://eternallybored.org/ 

The public is not made up of people who get their names in the newspapers.
   -- Wilson's Law of Demographics





Re: One time encryption

2008-09-17 Thread Thomas Fernandez
Hello Jernej,

On Tue, 16 Sep 2008 21:53:14 +0200 GMT (17/09/2008, 02:53 +0700 GMT),
Jernej Simončič wrote:

 The easiest way, if you have a fax machine, is to fax him the
 information. That's a straight phone-line connection, not networked, so
 the probability of anyone being able to tap into it is very small.

JS It's actually quite easy to eavesdrop on phone - you just need to
JS connect a cable at the appropriate place. Once you do that, it's not
JS even that hard to intercept faxes.

True. But the eavesdropper needs to have physical access to the
appropriate cable at least once, while email can be hacked remotely.

Come on. Of course every phone line can be tapped (except if you have
one of those 007-gadgets where you have to say scramble! before
starting to speak, and the whole conversation is encrypted even if the
other party uses a standard phone), but this is only likely in the
event someone has a personal grudge against you or the other party in
the phone conversation. Sure, government agencies do that all the
time, but how likely is it that the average hacker taps a phone/fax
line? Do you keep a gun under your mattress yet?

 In addition, the image format that fax uses is pretty effective as
 an encryption measure even though it's a published standard. A
 casual snooper isn't likely to have the necessary tools...

JS Much more likely to have them than anything that would let him
JS intercept IP traffic, be it through DSL or cable (not to mention
JS that even intercepting that traffic won't help when the site uses
JS encryption).

For the technology yes. However, I would believe that the number of
hackers connecting their fax machines (or software equivalent) to
other people's phone/fax lines is less than those intercepting IP
traffic remotely. That's just a guess, I have no figures.

I am also still waiting for the headline Credit Card Details Stolen
by Gang who Connected Fax Machines to Vendors' Fax Lines. If you say
this has happened more often than with credit card details sent by
unencrypted emails or via unsecured websites, or has happened at all,
I would be amazed by someone's ability to keep it out of the press.
A new conspiracy theory is in the making... ;-)

-- 

Cheers,
Thomas.

Wednesday, the Ladies Liturgy Society will meet. Mrs. Jones will sing
Put me in My Little Bed accompanied by the pastor.
http://thomas.fernandez.hat-gar-keine-homepage.de/

Message reply created with The Bat! 4.0.28.4
under Windows XP 5.1 Build 2600 Service Pack 2








Re: One time encryption

2008-09-17 Thread Thomas Fernandez
Hello MFPA,

On Tue, 16 Sep 2008 19:41:51 +0100 GMT (17/09/2008, 01:41 +0700 GMT),
MFPA wrote:

 Is the internet really any riskier than how I use the card every
 day?

M Unlikely to be riskier than allowing people to wander off with it.
M Several years since I saw that - these days they usually have a
M portable EPOS terminal they bring to you at the table. Failing that
M they ask you to go to the counter.

No such EPOS terminals exist over here. The credit card still
disappears with the waiter for a couple of minutes. If you buy
something from a small shop, it is possible that they ask you to wait
a bit while your card is carried to another shop - a company needs to
have credentials with the bank before being allowed to accept credit
cards, and the small shop may not have them.

Many years ago, the risk over here was that your card was copied on
the way and you would suddenly find additional billings on your card
when you returned from your vacation. However, this is not the case
any more, the credit card companies blacklist vendors easily.

-- 

Cheers,
Thomas.

What? What the hell is a RFC? I _do_ already use NAV! - Peter
Palmreuther on TBUDL.
http://thomas.fernandez.hat-gar-keine-homepage.de/

Message reply created with The Bat! 4.0.28.4
under Windows XP 5.1 Build 2600 Service Pack 2








Re: One time encryption

2008-09-17 Thread MFPA
Hi

On Wednesday 17 September 2008 at 5:22:25 PM, in
mid:[EMAIL PROTECTED], Thomas Fernandez
wrote:


 No such EPOS terminals exist over here. The credit card still
 disappears with the waiter for a couple of minutes.

Even in the old days of the machine you put the card on, placed a
form over the top and slid the big lump of plastic back and forth,
many people used to require the waiter to do it in front of them.

 If you buy something from a small shop, it is possible that they ask
 you to wait a bit while your card is carried to another shop -

The closest I have seen to that is to ring another branch with the
details to process the transaction, or to swipe the old-style slip and
process it later elsewhere.

 a company needs to have credentials with the bank before being
 allowed to accept credit cards, and the small shop may not have
 them.

In my experience they just charge lots to handle your business and
impose a stupidly small (or even zero) floor limit. You can still
accept cards but it is expensive for you and they have to OK each
transaction. I guess with chip and PIN and online referrals things are
different now.

 Many years ago, the risk over here was that your card was copied on
 the way and you would suddenly find additional billings on your card
 when you returned from your vacation.

The carbon paper between the copies of the payment slip held all the
info they needed to make their own copy.

 However, this is not the case any more, the credit card companies
 blacklist vendors easily.

It still happens. You even hear about prosecutions involving places
with a camera in the ceiling to record people entering their PIN.

-- 
Best regards,
 
MFPA

Beware the deadly donkey falling slowly from the sky

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re[2]: One time encryption

2008-09-17 Thread Dan Lester
Wednesday, September 17, 2008, 9:32:52 AM, you wrote:

 As a side note, but an important one, DO NOT PUT YOUR MAIL IN A BOX IN
 FRONT OF YOUR HOUSE for the letter carrier to pick up.  Your mail can
 be taken by a crook and your identity and/or money stolen.

 You mean your own postbox or ...?

Yes.  In many parts of the US (maybe most) you can leave outgoing mail
in your mailbox.  The real problem is when it is one of the very
common mailboxes on a post next to the street or highway.  The letter
carrier comes by in a little vehicle (sort of a small panel truck,
usually) and if the red flag is up, meaning you have outgoing mail,
they stop and get it, even if they're not delivering any to you that
day.

 The only way to send mail here is to
 drop it either in a yellow postbox (there's enough of them around the
 city), or to drop it off directly at post. The mailboxes on houses are
 all locked, so the postman can drop the mail in, but it's hard to get
 out without the key (assuming the owner didn't leave it unlocked,
 which usually isn't the case).

Some apartments or condominium complexes have those, but they also
usually have a locked box that you can drop things in.

 I know.
 They took outgoing mail containing five checks on two banks.

 Checks? How long ago was this?

Three years.  My wife handles the money, and she now pays almost
everything electronically, except for a couple that won't handle that.
Those get dropped at the post office.

The criminals drive around in a van, and if they see the flag up, they
grab the mail, and drive on to the next one with flag up.  While one
person drives, one rides on the passenger side and does the grabbing
mail and putting flag down, and one or two others are in back with
liquid that removes the ink from the checks.  I saw the checks when
they came back and it was almost impossible to tell something else was
ever written on them.  Then they make a fake drivers license or other
ID with their picture but my information.  They have all the equipment
in the van.  Then they write the checks for an amount that in each
case is slightly smaller than the original amount it was written for,
to make sure it won't bounce.  When they write the check they cross
out the phone number on it and write in a new phone number that is a
phony, so that if there is any problem, the merchant won't call me, so
I won't be tipped off to a problem.  The first I knew of a problem was
when I got an overdue credit card bill.  She ALWAYS pays ALL bills
within a week of receiving them, so knew there was a problem.

Anyway, the crooks ultimately got caught, the banks ultimately put the
money back in our accounts, and all was well. A hard lesson learned.
Also, the credit card and other companies each removed any overdue
charges from the accounts and our credit record was made clean.  But
it was a VERY time consuming thing to do all of that. I spent 25 to 30
daytime hours on it over a ten day period.

So, sorry if this is too long or too off topic.  I assume that there
are conditions in many places where crooks could do the same thing.
Oh, yes, the stuff they buy is pawned and they get money to buy drugs.

dan





-- 
The road goes on forever and the party never ends. REK, Jr. 
Dan Lester, Boise, ID  






Re: One time encryption

2008-09-17 Thread Jernej Simončič
On Wednesday, September 17, 2008, 18:15:58, Thomas Fernandez wrote:

 True. But the eavesdropper needs to have physical access to the
 appropriate cable at least once, while email can be hacked remotely.

Which is much easier to get than you imagine - most buildings have the
phone exchange somewhere in the basement, and it's usually not hard to
get to it. Then you just need to tap the appropriate line (which is
harder if you don't know the line number in advance, as these places
often have several hundred lines going through).

Anyway, e-mail is not a secure way to transfer credit card details,
unless you encrypt it with the recipient's certificate.

The point I was trying to make is that most retailers that have online
shops usually have a single database for orders, so it doesn't matter
in what way you get your credit card details to them - it'll end up in
the same place anyway. And this is the database that must be kept
secure (and practically the only source from which an attacker could
gain the card number from - all major breaches so far happened because
this database wasn't secured properly).

 For the technology yes. However, I would believe that the number of
 hackers connecting their fax machines (or software equivalent) to
 other people's phone/fax lines is less than those intercepting IP
 traffic remotely. That's just a guess, I have no figures.

You can't intercept IP traffic that doesn't pass through a system
under your control.

-- 
 Jernej Simončič  http://eternallybored.org/ 

If it's good, they'll stop making it.
   -- Herblock's Law





Re: One time encryption

2008-09-17 Thread Jernej Simončič
On Wednesday, September 17, 2008, 21:13:23, Dan Lester wrote:

 Three years.  My wife handles the money, and she now pays almost
 everything electronically, except for a couple that won't handle that.
 Those get dropped at the post office.

Interesting. Checks vanished practically overnight here when banks
stopped giving guarantee on them about 15 years ago, and everything
moved to electronic transactions.

-- 
 Jernej Simončič  http://eternallybored.org/ 

No boss will keep an employee who is right all the time.
   -- Pitfall of Genius





Re[2]: One time encryption

2008-09-17 Thread Dan Lester
Wednesday, September 17, 2008, 2:30:02 PM, you wrote:

 On Wednesday, September 17, 2008, 21:13:23, Dan Lester wrote:

 Three years.  My wife handles the money, and she now pays almost
 everything electronically, except for a couple that won't handle that.
 Those get dropped at the post office.

 Interesting. Checks vanished practically overnight here when banks
 stopped giving guarantee on them about 15 years ago, and everything
 moved to electronic transactions.


I still know many people who don't have computers, and/or don't trust
the internet at all.  As has been said on the list, the net is safer
than most other places for money transactions, but old ideas die hard.
I always carry some cash, but haven't personally written a check in
several years, and as noted, wife rarely does.

I will say that checks here are electronically verified in most
stores. They're scanned quickly, and checked against your account (the
store just gets an OK, no details).  And in some bigger stores, it is
done as an EFT, just as if you'd given them a debit card; in those
cases they just hand the check back to you.

Lots of changes everywhere.

dan

-- 
The road goes on forever and the party never ends. REK, Jr. 
Dan Lester, Boise, ID  






Re: One time encryption

2008-09-17 Thread MFPA
Hi

On Wednesday 17 September 2008 at 10:25:14 PM, in
mid:[EMAIL PROTECTED], Ian A. White wrote:

 The reason no one ever blames a phishing scam for the loss of their 
 secure data is because banks and other financial institutions will not
 cover you if you volunteer the information.

And just maybe because they don't want to admit that they were
gullible (-;

-- 
Best regards,
 
MFPA

Don't ask me, I'm making this up as I go!

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-17 Thread MFPA
Hi

On Wednesday 17 September 2008 at 8:13:23 PM, in
mid:[EMAIL PROTECTED], Dan Lester wrote:

 When they write the check they cross out the phone number on it

Phone number? On a cheque?

-- 
Best regards,
 
MFPA

Don't talk unless you can improve on the silence

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-17 Thread MFPA
Hi

On Wednesday 17 September 2008 at 9:30:02 PM, in
mid:[EMAIL PROTECTED], Jernej Simoncic wrote:


 Interesting. Checks vanished practically overnight here when banks
 stopped giving guarantee on them about 15 years ago, and everything
 moved to electronic transactions.

Lots of shops etc here don't take cheques any more but people still
use them. Business cheques seem to be lasting longer than personal as
it is harder to get a credit or debit card for a business.

-- 
Best regards,
 
MFPA

Was time invented by an Irishman named O'Clock?

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-16 Thread Privateofcourse
Hello Jack,

This is what you said on Mon, 15 Sep 2008 15:23:31 -0500 your time:

 Is there an easy way to encrypt the info so it can't be read if it's
 intercepted in transit and yet *can* be read by the recipient?

Mostly, any secure system would require that the receiving party had a
key/password to unlock the information that you send them.

There are many ways to do this:

Send a password protected WinRAR archive (or zip) and either phone them and
let them know the password or send them the password/unlock code in a
separate email.

Send them a password protected PDF file. Lots of software available for free
for that.

There is Steganos LockNote (free) which fits this role perfectly. Although
you'll have to rar or zip the bare exe file as it may not get delivered.

PGP / GnuPG, but that is dependent on the recipient already being familiar
with this form of encryption.

Anyhow, there are many ways, not just those above, but the requirement will
always be that the recipient has the password to unlock the information you
send them. Of course sending the password or unlock code by email is
insecure as well, but I would definitely prefer to do that than send my
details in an insecure email...and it's just not good practice to do that
IMO.

 Or am I worrying about nothing?

Certainly not. I think it is completely sensible to think about these things
and find solutions for them.


-- 
Simon (Privateofcourse)
#27836. Woe Wig End Rhos? ¶
 
 
 TB! 4.0.34  WinXP Pro Service Pack 3









Re: One time encryption

2008-09-16 Thread Nick Dutton
Hello Jack,

On Monday, September 15, 2008, you wrote:
JSL I need to send credit card info to a vendor in payment for a part yet
JSL to be shipped. Is there an easy way to encrypt the info so it can't be
JSL read if it's intercepted in transit and yet *can* be read by the
JSL recipient? Or am I worrying about nothing?

Some people, myself included, think that the anonymity offered by the
sheer scale of the Internet outweighs the risk of identifying your
message as interesting by including an easy to spot encryption
header or similar.  Some people allege that governments only filter
encrypted traffic, on the assumption that that's how terrorists are
communicating.  On that subject, I don't think that the government
needs to snoop my e-mail to get my CC details, or anything else for
that matter...

Once you turn over this stone, however, it's not long before you're
employing steganography and by the end of the week you'll be sleeping
under the bed with a gun!

Oh no, now you've got me started.  Sorry.



-- 

Nick | [EMAIL PROTECTED]





Re: One time encryption

2008-09-16 Thread Jernej Simončič
On Monday, September 15, 2008, 22:23:31, Jack S. LaRosa wrote:

 I need to send credit card info to a vendor in payment for a part yet
 to be shipped. Is there an easy way to encrypt the info so it can't be
 read if it's intercepted in transit and yet *can* be read by the
 recipient? Or am I worrying about nothing?

The safest way is to use a secure web form, if the vendor offers it
(and if they do, it's likely that the info you send them in any other
way will end up being entered to that webform by an employee anyway,
so you just increase the risk of the data being intercepted in-flight
by using other means of communication).

Before entering the data, ensure that the address starts with https,
and that there's a lock symbol near the titlebar (or in status bar,
depending on your browser). https and the lock icon signify that the
connection is encrypted, and that nobody will be able to read the
data, even if it's intercepted.

Note that listening in on phone conversations (and fax communications)
is much easier than intercepting even unencrypted communication over
the internet.

-- 
 Jernej Simončič  http://eternallybored.org/ 

The solution to a problem changes the problem.
   -- Peer's Law
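
Added example, not part of the thread or written by any poster: the https and lock-icon check in the message above covers the page being viewed, while the form on it can still submit to a different address. This sketch audits where card forms actually post; the function and class names, the field-name heuristic and the sample page are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Substrings of field names that suggest card data (assumed heuristic).
CARD_HINTS = ("card", "ccnum", "cvv", "cvc")

# Constructed sample page, not taken from any real vendor.
SAMPLE_HTML = """
<form action="/search"><input name="q"></form>
<form action="/pay" method="post">
  <input name="card_number"><input name="cvv">
</form>
<form action="http://shop.example/legacy-pay" method="post">
  <input name="cardno">
</form>
"""


class FormCollector(HTMLParser):
    """Collect each form's action attribute and the names of its fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((a.get("name") or a.get("id") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_payment_forms(page_url, html):
    """Return (resolved_submit_url, verdict) for every form that takes card data."""
    page_secure = urlsplit(page_url).scheme == "https"
    collector = FormCollector()
    collector.feed(html)
    results = []
    for form in collector.forms:
        if not any(hint in name for name in form["fields"] for hint in CARD_HINTS):
            continue  # not a payment form
        # An empty or relative action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        if not page_secure:
            # A page fetched in cleartext can be altered in transit,
            # so even an https action cannot be relied on.
            verdict = "page not https"
        elif urlsplit(target).scheme != "https":
            verdict = "https page, cleartext submit"
        else:
            verdict = "ok"
        results.append((target, verdict))
    return results


if __name__ == "__main__":
    for target, verdict in audit_payment_forms("https://shop.example/checkout", SAMPLE_HTML):
        print(f"{verdict:30} {target}")
```
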





Re: One time encryption

2008-09-16 Thread Jernej Simončič
On Tuesday, September 16, 2008, 13:19:26, Gunivortus Goos wrote:

 Note that listening in on phone conversations (and fax communications)
 is much easier than intercepting even unencrypted communication over
 the internet.

 Except for Skype's IP-phonecalls, I experienced, they're obviously encrypted.

I was referring to POTS (plain old telephone service), not IP
telephony (which is about as hard to tap into as other internet
communications; note that Skype's encryption isn't to be trusted).

-- 
 Jernej Simončič  http://eternallybored.org/ 

The grass is brown on both sides of the fence.
   -- Ed Yourdonradar's Fundamental Truth





Re[2]: One time encryption

2008-09-16 Thread Gunivortus Goos
Hi Jernej Simončič,

 Note that listening in on phone conversations (and fax communications)
 is much easier than intercepting even unencrypted communication over
 the internet.

Except for Skype's IP-phonecalls, I experienced, they're obviously encrypted.



   And in a strange turn of events, the cat was electrocuted.
-- 
Regards,
Gunivortus
Using The Bat Vs. 4.0.34.4 under Vista Ultimate 32 bit





Re: One time encryption

2008-09-16 Thread Thomas Fernandez
Hello Gene,

On Mon, 15 Sep 2008 20:53:21 -0400 GMT (16/09/2008, 07:53 +0700 GMT),
Gene Brown wrote:

 Or am I worrying about nothing?

GB Maybe I'm naive, but I've never had a problem with doing this. If
GB you send your credit card number to the vendor, what happens to it
GB after that? How does the vendor secure it?

I agree with you on this. The main problem is how the vendor stores
the information. Even banks got hacked, or their customer details
copied on CD for sale.

GB When I use a credit card in a restaurant, I give it to the waiter
GB and he disappears for several minutes. Does he have a buddy back in
GB the kitchen who collects these numbers for resale? I don't know, but
GB I don't worry about it.

Neither do I. In the past, I had billings on my credit card that
weren't from me:

1.) In a hotel. I asked the CC company to forward me a copy of the
sales slip with my signature. Once they realised they couldn't provide
it, they credited the amount to me and blacklisted the vendor. (Visa)

2.) By internet. Somebody had used my CC details to subscribe to a
porn website. My number had obviously been burnt, i.e. circulated to
people who practice fraud. The amount was credited back to me, and I
was offered a new CC number. BTW they can actually check the IP
address from which the CC payment instruction originated, so I think
somebody got in trouble. (Amex)

GB Is the internet really any riskier than how I use the card every
GB day?

On the other hand, I do second Jernej's suggestion to give your credit
card number only over a secured website, if offered. This prevents the
trouble of complaining and rejecting a charge, which is a bit of
paperwork. On second thought, there still remains the question of how
securely the vendor stores the information.

Remember that credit card companies still have to prove that it was
you who bought the goods or services. This means they cannot charge
your card out of whim. If they didn't care, they would lose customers
quickly. But then, laws and practices in different countries differ.

Back to the original question, I don't think the average vendor will
go through the procedures of a one-time encryption. If they don't have
a secure website and thus aren't security-conscious, submit your CC
details by phone and worry about how they store the information.

I'm now off to book a rental car for my upcoming trip to Europe, using
my credit card on their website...

-- 

Cheers,
Thomas.

When a clock is hungry, it goes back four seconds.
http://thomas.fernandez.hat-gar-keine-homepage.de/

Message reply created with The Bat! 4.0.28.4
under Windows XP 5.1 Build 2600 Service Pack 2








Re: One time encryption

2008-09-16 Thread Jack S. LaRosa
Hello Privateofcourse,

Tuesday, September 16, 2008, 5:21:19 AM, you wrote:

P Hello Jack,

P This is what you said on Mon, 15 Sep 2008 15:23:31 -0500 your time:

 Is there an easy way to encrypt the info so it can't be read if it's
 intercepted in transit and yet *can* be read by the recipient?

P Mostly, any secure system would require that the receiving party had a
P key/password to unlock the information that you send them.


-snip--

P Certainly not. I think it is completely sensible to think about these things
P and find solutions for them.

Thanks Simon. Please see the response from Gene Brown. I tend to get
un-realistically paranoid at times.

--

Best regards,
 Jack  mailto:[EMAIL PROTECTED]

Using TB! v3.99.3 from
Windows XP 5.1 Build 2600 - Service Pack 3





Re: One time encryption

2008-09-16 Thread Jack S. LaRosa
Hello Nick,

Tuesday, September 16, 2008, 6:00:49 AM, you wrote:

ND Hello Jack,

ND On Monday, September 15, 2008, you wrote:
JSL I need to send credit card info to a vendor in payment for a part yet
JSL to be shipped. Is there an easy way to encrypt the info so it can't be
JSL read if it's intercepted in transit and yet *can* be read by the
JSL recipient? Or am I worrying about nothing?

ND Some people, myself included, think that the anonymity offered by the
ND sheer scale of the Internet outweighs the risk of identifying your
ND message as interesting by including an easy to spot encryption
ND header or similar.  Some people allege that governments only filter
ND encrypted traffic, on the assumption that that's how terrorists are
ND communicating.  On that subject, I don't think that the government
ND needs to snoop my e-mail to get my CC details, or anything else for
ND that matter...

ND Once you turn over this stone, however, it's not long before you're
ND employing steganography and by the end of the week you'll be sleeping
ND under the bed with a gun!

ND Oh no, now you've got me started.  Sorry.

See! Now THAT'S what I'm talkin 'bout!:)

Now, where'd I put that darned gun

--

Best regards,
 Jack  mailto:[EMAIL PROTECTED]

Using TB! v3.99.3 from
Windows XP 5.1 Build 2600 - Service Pack 3





Re: One time encryption

2008-09-16 Thread Jack S. LaRosa
Hello Gene,

Monday, September 15, 2008, 7:53:21 PM, you wrote:

GB On Monday, September 15, 2008, 4:23:31 PM, you wrote:

 Or am I worrying about nothing?

GB Maybe I'm naive, but I've never had a problem with doing this. If
GB you send your credit card number to the vendor, what happens to it
GB after that? How does the vendor secure it?

GB When I use a credit card in a restaurant, I give it to the waiter
GB and he disappears for several minutes. Does he have a buddy back in
GB the kitchen who collects these numbers for resale? I don't know, but
GB I don't worry about it.

GB Is the internet really any riskier than how I use the card every
GB day?

It's called Web Paranoia and it's probably completely un-justified.
You're right in everything you say. Ultimately, we decided to just
conduct the transaction over the phone, a cell phone yet. Probably
being eavesdropped upon (cell phone paranoia).

--

Best regards,
 Jack  mailto:[EMAIL PROTECTED]

Using TB! v3.99.3 from
Windows XP 5.1 Build 2600 - Service Pack 3





Re: One time encryption

2008-09-16 Thread Gene Brown
Hello, Jack--

On Tuesday, September 16, 2008, 1:37:33 PM, you wrote:

GB Is the internet really any riskier than how I use the card every
GB day?

 It's called Web Paranoia and it's probably completely un-justified.
 You're right in everything you say. Ultimately, we decided to just
 conduct the transaction over the phone, a cell phone yet. Probably
 being eavesdropped upon (cell phone paranoia).

This is getting dangerously off topic, and we're probably risking a
good trouting. (It's called Bat! Paranoia.)

In my experience, the credit card companies are (thankfully) much
more paranoid than I am, and I have some stories to back that up.
But we should probably stop this thread or move it to TBOT.

-- Gene

--
Running The Bat! version 4.0.24 under Windows XP





Re: One time encryption

2008-09-16 Thread MFPA
Hi

On Tuesday 16 September 2008 at 12:19:26 PM, in
mid:[EMAIL PROTECTED], Gunivortus Goos wrote:


And in a strange turn of events, the cat was electrocuted.

Poor cat. What happened?

-- 
Best regards,
 
MFPA

Nothing a Pan-Galactic Gargle Blaster won't cure!

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-16 Thread MFPA
Hi

On Tuesday 16 September 2008 at 1:53:21 AM, in
mid:[EMAIL PROTECTED], Gene Brown wrote:
 On Monday, September 15, 2008, 4:23:31 PM, you wrote:



 When I use a credit card in a restaurant, I give it to the waiter
 and he disappears for several minutes.



 Is the internet really any riskier than how I use the card every
 day?

Unlikely to be riskier than allowing people to wander off with it.
Several years since I saw that - these days they usually have a
portable EPOS terminal they bring to you at the table. Failing that
they ask you to go to the counter.

-- 
Best regards,
 
MFPA

Keep them dry and don't feed them after midnight

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-16 Thread MFPA
Hi

On Tuesday 16 September 2008 at 12:22:24 AM, in
mid:[EMAIL PROTECTED], Jim Kyle wrote:


 The easiest way, if you have a fax machine, is to fax him the
 information. That's a straight phone-line connection, not networked, so
 the probability of anyone being able to tap into it is very small.

Although, of course, the other end may use fax software on a PC...

 In addition, the image format that fax uses is pretty effective as
 an encryption measure even though it's a published standard. A
 casual snooper isn't likely to have the necessary tools...

The casual snooper may be snooping at the paper coming off a fax
machine (-;

-- 
Best regards,
 
MFPA

Editing is a rewording activity

Using The Bat! v4.0.34 on Windows XP 5.1 Build 2600  






Re: One time encryption

2008-09-16 Thread Jernej Simončič
On Tuesday, September 16, 2008, 1:22:24, Jim Kyle wrote:

 The easiest way, if you have a fax machine, is to fax him the
 information. That's a straight phone-line connection, not networked, so
 the probability of anyone being able to tap into it is very small.

It's actually quite easy to eavesdrop on phone - you just need to
connect a cable at the appropriate place. Once you do that, it's not
even that hard to intercept faxes.

 In
 addition, the image format that fax uses is pretty effective as an
 encryption measure even though it's a published standard. A casual
 snooper isn't likely to have the necessary tools...

Much more likely to have them than anything that would let him
intercept IP traffic, be it through DSL or cable (not to mention that
even intercepting that traffic won't help when the site uses
encryption).

-- 
 Jernej Simončič  http://eternallybored.org/ 

Anything is possible if you don't know what you're talking about.
   -- Green's Law of Debate





One time encryption

2008-09-15 Thread Jack S. LaRosa
Fellow list members,

I need to send credit card info to a vendor in payment for a part yet
to be shipped. Is there an easy way to encrypt the info so it can't be
read if it's intercepted in transit and yet *can* be read by the
recipient? Or am I worrying about nothing?

-- 
TIA,
Jack LaRosa  mailto:[EMAIL PROTECTED]

Conveying information with The Bat! ver: 3.99.3
Operating? with Windows XP Pro ver 5 build 2600 Service Pack 3

















Re: One time encryption

2008-09-15 Thread Jim Kyle
On Monday, September 15, 2008, at 3:23:31 PM, Jack S. LaRosa wrote:

 I need to send credit card info to a vendor in payment for a part yet
 to be shipped. Is there an easy way to encrypt the info so it can't be
 read if it's intercepted in transit and yet *can* be read by the
 recipient? Or am I worrying about nothing?

The easiest way, if you have a fax machine, is to fax him the
information. That's a straight phone-line connection, not networked, so
the probability of anyone being able to tap into it is very small. In
addition, the image format that fax uses is pretty effective as an
encryption measure even though it's a published standard. A casual
snooper isn't likely to have the necessary tools...

-- 
Jim Kyle

Using The Bat! v3.85.03 on Windows 98 4.10 Build  A 
with AntiSpamSniper Version 2.7.1.5





Re: One time encryption

2008-09-15 Thread Maggie Meister
Hi Jack,

On Monday, September 15, 2008 at 4:23:31 PM you wrote:

JSL Fellow list members,

JSL I need to send credit card info to a vendor in payment for a part yet
JSL to be shipped. Is there an easy way to encrypt the info so it can't be
JSL read if it's intercepted in transit and yet *can* be read by the
JSL recipient? Or am I worrying about nothing?

We have renters for our cabin send two emails splitting the card
between them. If you want, have them send three with the CVV in the 
third. No one has complained of problems.  

-- 

Regards,
  Maggie


Save the earth...it's the only planet with chocolate.

Emailing with The Bat! 4.0.34.1





Re: One time encryption

2008-09-15 Thread Gene Brown
On Monday, September 15, 2008, 4:23:31 PM, you wrote:

 Or am I worrying about nothing?

Maybe I'm naive, but I've never had a problem with doing this. If
you send your credit card number to the vendor, what happens to it
after that? How does the vendor secure it?

When I use a credit card in a restaurant, I give it to the waiter
and he disappears for several minutes. Does he have a buddy back in
the kitchen who collects these numbers for resale? I don't know, but
I don't worry about it.

Is the internet really any riskier than how I use the card every
day?

--
Running The Bat! version 4.0.24 under Windows XP


