[MUD-Dev] strong encryption for authentication

Dave Rickey daver at mythicentertainment.com
Sun Jul 15 14:07:11 New Zealand Standard Time 2001

From: Jon Lambert <tychomud at ix.netcom.com>

> The server is also in the hands of the enemy.  Just take one of
> the compelling reasons for security: to prevent credit card fraud.
> I don't know if this is common knowledge or not, but by far most
> credit card fraud is perpetrated by employees of the vendor
> receiving the card number!

Kevin Mitnick went to jail for possessing 20,000 credit card numbers
he got from CompuServe.  A company I worked at had a database of
over 200,000 CC numbers, along with the expiration dates, names and
addresses of the holders, *and* the records of the transactions they
had engaged in over the previous 3 years.  Even though the
applications I worked on had absolutely no need for those numbers, a
simple SQL query dumped the whole lot into my system, where I could
have done *anything* with them.  And I was there on a 6-month
contract that was actually with one of their business partners and
was on the payroll of yet a third company (a consulting/contracting
outfit); on paper I never worked there at all (or for any of the
companies actually receiving the funds).

Since I'm not currently living a life of luxury in Rio, you can
assume that I didn't do anything with them.  But I easily could
have; such a setup would be a hacker's dream, and it wasn't unique.
Most security breaches are committed by people with *authorized*
access to the data.

--Dave Rickey

