Scam artists, your web browser, and you

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Today I tried to order some tickets from Miami-Heat-Tickets.com (also
known as Platinumeventsinc.com). A few minutes later they called me up
and told me that the seats I'd bought were coming from Nevada and "he
didn't know if they were available" but he could send me a bunch of
seats that WERE available for more money by email if I'd like.

Sounded like a classic bait and switch to me. Of course, we'd already
entered in our credit card number. I called up the credit card company
and told them the story and they said "Well, whatever. Just tell us if
they charge you".

See, this is why I don't get carding and the big fuss over it. I'm not
liable for that money, and the credit card companies clearly don't
care if I hand my number out to the world. And partially this is why I
think the solution is not Palladium - if I'm dumb enough to give my
credit card number out to a scam artist, that's my problem and no
amount of browser compartmentalization is going to help. But since
everyone is dumb enough to give their credit card number out, it's
really Visa/Mastercard/Amex's problem and they need to either fix it,
or stop wasting tax-payer's money by making the FBI hunt these people
down.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
 
iD8DBQFEYf2itehAhL0gheoRAm1OAJ4h2G4bIvTTt5d/Rum3YEDE6q8V7QCcD7JF
aALJ/F+c2jVaRkalVrbadEk=
=VYF3
-----END PGP SIGNATURE-----