Creativity and security
Matt Blaze
mab at crypto.com
Tue Mar 28 05:32:45 EST 2006
On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:
> ----- Original Message ----- From: "J. Bruce Fields"
> <bfields at fieldses.org>
> Subject: Re: Creativity and security
>
>
>> On Fri, Mar 24, 2006 at 06:47:07PM -0000, Dave Korn wrote:
>>> IOW, unless we're talking about a corrupt employee with a photographic
>>> memory and telescopic eyes,
>>
>> Tiny cameras are pretty cheap these days, aren't they? The employee
>> would be taking more of a risk at that point though, I guess.
>
> The one I find scarier is the US restaurant method of handling
> cards. For those of you unfamiliar with it, I hand my card to the
> waiter/waitress, the card disappears behind a wall for a couple of
> minutes, and my receipt comes back for me to sign along with my card.
> Just to see if anyone would notice I actually did this experiment
> with a (trusted) friend that works at a small upscale restaurant. I
> ate, she took my card in the back, without hiding anything or
> saying what she was doing she took out her cellphone, snapped a
> picture, then processed everything as usual. The transaction did
> not take noticeably longer than usual, the picture was very clear,
> in short, if I hadn't known she was doing this back there I would
> never have known. Even at a high end restaurant where there are
> more employees than clients no one paid enough attention in the
> back to notice this. If it wasn't a trusted friend doing this I
> would've been very worried.
> Joe
>
Heh, that's marvelous.
I touched briefly on the awfulness of restaurant payment protocols in my
2004 paper from the Cambridge Protocols Workshop, which you may enjoy:
M. Blaze. "Toward a broader view of security protocols."
12th Cambridge International Workshop on Security Protocols.
Cambridge, UK. April 2004.
http://www.crypto.com/papers/humancambridgepreproc.pdf
-matt