Rubber hose attack
pasward at big.uwaterloo.ca
pasward at big.uwaterloo.ca
Fri Nov 2 15:41:41 EST 2001
P.J. Ponder writes:
> The default settings will be the permanent settings for many users, and if
> it is easier to buy something through a .Net affiliate than to shop
> around, then the .Net sites will get a certain percentage of users just by
> 'default'. They won't get all, certainly, but they will get some just
> because of the path of least resistance.
But it doesn't even matter whether or not you shop around to find a
non-.Net provider. What matters is whether or not your credit, etc.,
information travels over the .Net system at some point. You have no
way of knowing that!
A year or so ago there was an article in comp.risks about a web site
that some user felt was insecure, for whatever reason (though not with
respect to the security of the communication). It gave the option of
'phoning in the order instead of using the browser. The problem was,
the person at the other end of the 'phone simply entered the data into
the web site.
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list