funsec mailing list archives
Re: PayPal Plans Payments Via Text Message?
From: Valdis.Kletnieks () vt edu
Date: Thu, 23 Mar 2006 13:32:19 -0500
On Thu, 23 Mar 2006 01:57:17 PST, "Mark P. Fister" said:
"Accidents happen, ya know? It would really be a shame if we forgot your secret code that protected you against unauthorized users...." I'm not sure if I'm more scared of hackers, or money-grubbing malevolence on PayPal's part.....Huh? Please explain your email. 1. "We forgot your secret code"... ? I'm confused. Does PayPal have a history of forgetting things? As a Principal Software Engineer at PayPal, I may be able to help do something about that, if you think so.
Sorry - it's my *job* to think about how many different ways things can go wrong. Since everybody else and their pet llama George picked up the *obvious* threat there, I picked the less obvious "Paypal uses this as a new profit center" threat. (Your company isn't alone - see AOL/GoodMail and all the followers of the BellSouth "the web site should pay to get data to the customers" for further examples of this same phenomenon/mindset)
2. "Money-grubbing malevolence"? I'd like to think that you're merely frustrated about one thing or another, and not actually trying to suggest that PayPal or its policies are truly malevolent for its own profit.
In the current US legal environment, corporations are almost *forced* to be malevolent for their own profit (as their responsibility is to the share holders, not the customers). As a result, when it comes down to a choice between "a way to get another $4/year per customer" and "we do it for free and swallow the costs because it's The Right Thing To Do", upper management will almost certainly Do The Wrong Thing. If faced with a shareholder lawsuit that alleges the management passed up an obvious way to increase profits by $4/customer/year, across your tens of millions of customers, what would the defense be?
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- PayPal Plans Payments Via Text Message? Fergie (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- Re: PayPal Plans Payments Via Text Message? security curmudgeon (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 24)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Valdis . Kletnieks (Mar 22)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 23)
- <Possible follow-ups>
- Re: PayPal Plans Payments Via Text Message? Fergie (Mar 23)
- Re: PayPal Plans Payments Via Text Message? Mark P. Fister (Mar 24)