[cryptography] PKI "fixes" that don't fix PKI (part III)
holz at net.in.tum.de
Sun Sep 11 09:33:05 EDT 2011
>> But Steve, generic malware runs on your PC or in your browser. If
>> they wanted to steal card numbers, they'd steal card numbers today,
>> from the browser or by key logging, before the numbers got TLS-ed.
>> Since they don't do it now, I don't see any reason to think they'd do
>> it if it were easier to steal them other places.
> Do you have any data to support your assertion that malware isn't
> stealing credit card numbers from individual PCs?
Wasn't there a paper on the underground economy that investigated such
things by monitoring drop zones? And they found CC numbers, I thought? I
could be wrong. I can't remember the title, but Thorsten Holz was one of
the authors (no, not a relative of mine).
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
More information about the cryptography