[cryptography] PKI "fixes" that don't fix PKI (part III)

Ralph Holz holz at net.in.tum.de
Sun Sep 11 09:33:05 EDT 2011


>> But Steve, generic malware runs on your PC or in your browser.  If
>> they wanted to steal card numbers, they'd steal card numbers today,
>> from the browser or by key logging, before the numbers got TLS-ed.
>> Since they don't do it now, I don't see any reason to think they'd do
>> it if it were easier to steal them other places.
> Do you have any data to support your assertion that malware isn't
> stealing credit card numbers from individual PCs?

Wasn't there a paper on the underground economy that investigated such
things by monitoring drop zones? And they found CC numbers, I thought? I
could be wrong. I can't remember the title, but Thorsten Holz was one of
the authors (no, not a relative of mine).


Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110911/6b4102ce/attachment.asc>

More information about the cryptography mailing list