Creativity and security

Matt Blaze mab at crypto.com
Tue Mar 28 05:32:45 EST 2006


On Mar 26, 2006, at 22:07, Joseph Ashwood wrote:

> ----- Original Message ----- From: "J. Bruce Fields"  
> <bfields at fieldses.org>
> Subject: Re: Creativity and security
>
>
>> On Fri, Mar 24, 2006 at 06:47:07PM -0000, Dave Korn wrote:
>>>   IOW, unless we're talking about a corrupt employee with a photographic
>>> memory and telescopic eyes,
>>
>> Tiny cameras are pretty cheap these days, aren't they?  The employee
>> would be taking more of a risk at that point though, I guess.
>
> The one I find scarier is the US restaurant method of handling  
> cards. For those of you unfamiliar with it, I hand my card to the  
> waiter/waitress, the card disappears behind a wall for a couple of  
> minutes, and my receipt comes back for me to sign along with my card.  
> Just to see if anyone would notice I actually did this experiment  
> with a (trusted) friend that works at a small upscale restaurant. I  
> ate, she took my card in the back, without hiding anything or  
> saying what she was doing she took out her cellphone, snapped a  
> picture, then processed everything as usual. The transaction did  
> not take noticeably longer than usual, the picture was very clear,  
> in short, if I hadn't known she was doing this back there I would  
> never have known. Even at a high end restaurant where there are  
> more employees than clients no one paid enough attention in the  
> back to notice this. If it wasn't a trusted friend doing this I  
> would've been very worried.
>                Joe
>

Heh, that's marvelous.

I touched briefly on the awfulness of restaurant payment protocols in my
2004 paper from the Cambridge Protocols Workshop, which you may enjoy:

    M. Blaze. "Toward a broader view of security protocols."
    12th Cambridge International Workshop on Security Protocols.
    Cambridge, UK. April 2004.

    http://www.crypto.com/papers/humancambridgepreproc.pdf

-matt


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


