[cryptography] PKI "fixes" that don't fix PKI (part III)

Andy Steingruebl andy at steingruebl.com
Sat Sep 10 19:53:39 EDT 2011


On Sat, Sep 10, 2011 at 4:46 PM, John Levine <johnl at iecc.com> wrote:
>
> But Steve, generic malware runs on your PC or in your browser.  If
> they wanted to steal card numbers, they'd steal card numbers today,
> from the browser or by key logging, before the numbers got TLS-ed.
> Since they don't do it now, I don't see any reason to think they'd do
> it if it were easier to steal them other places.

Do you have any data to support your assertion that malware isn't
stealing credit card numbers from individual PCs?

- Andy



More information about the cryptography mailing list