On Wednesday, September 17, 2008, 18:15:58, Thomas Fernandez wrote: > True. But the eavesdropper needs to have physical access to the > appropriate cable at least once, while email can be hacked remotely.
Which is much easier to get than you imagine - most buildings have the phone exchange somewhere in the basement, and it's usually not hard to get to it. Then you just need to tap the appropriate line (which is harder if you don't know the line number in advance, as these places often have several hundred lines going through). Anyway, e-mail is not a secure way to transfer credit card details, unless you encrypt it with the recipient's certificate. The point I was trying to make is that most retailers that have online shops usually have a single database for orders, so it doesn't matter in what way you get your credit card details to them - it'll end up in the same place anyway. And this is the database that must be kept secure (and practically the only source from which an attacker could gain the card number from - all major breaches so far happened because this database wasn't secured properly). > For the technology yes. However, I would believe that the number of > hackers connecting their fax machines (or software equivalent) to > other people's phone/fax lines is less than those intercepting IP > traffic remotely. That's just a guess, I have no figures. You can't intercept IP traffic that doesn't pass through a system under your control. -- < Jernej Simončič ><><><><>< http://eternallybored.org/ > If it's good, they'll stop making it. -- Herblock's Law ________________________________________________ Current version is 4.0.24.0 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html