[cryptography] PKI "fixes" that don't fix PKI (part III)
andy at steingruebl.com
Sat Sep 10 19:53:39 EDT 2011
On Sat, Sep 10, 2011 at 4:46 PM, John Levine <johnl at iecc.com> wrote:
> But Steve, generic malware runs on your PC or in your browser. If
> they wanted to steal card numbers, they'd steal card numbers today,
> from the browser or by key logging, before the numbers got TLS-ed.
> Since they don't do it now, I don't see any reason to think they'd do
> it if it were easier to steal them other places.
Do you have any data to support your assertion that malware isn't
stealing credit card numbers from individual PCs?
More information about the cryptography