Re: [Sheflug] Re: bounce

["Alex Hudson" <nospam [at] alexhudson.com>]

> > It has everything to do with it from the bank's point of view; the
> > cracker most likely got in through exactly that broadcast medium.  It's
> > much safer than physical entry, and can be automated.  Maybe even with
> > help from the government or ISPs, as Richard would have it.
>
> What stops a company from running their database server on the same
> machine as a web facing httpd installation? So you post them your details
> via snail mail and they get taken anyway. Once the company has your
> details it is out of your hands IMO. They might like to take their
> database and email it to their friends, you can't stop them.

Nothing, but it's not likely, is it?

Speaking from personal experience, I had ~£25 quid taken out of my account
last month. I know how difficult it is to get it back. That level of
transaction needs absolutely no authorisation. The guys doing it (currently
Russians, but could be anyone), take whole databases and run small
transactions on each. This isn't the first time, and the only way I can
guarantee it's the last is by stopping buying things over the internet. It's
not like I shopped on there every week, and I know how to tell a secure site
from an insecure site. It's just too risky.

> I think it's unfair to penalise the consumer when the merchants and the
> banks are usually the weakest link in the process, and usually the source
> of the leaks.

The man on the street always pays in the end..

As Stephen pointed out, he thinks about this stuff stuff for a living. He's
an economist, and a bearded one at that - be afraid :))

Cheers,

Alex.

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.