[funsec] Bank security

Larry Seltzer larry at larryseltzer.com
Wed Jul 22 19:17:55 CDT 2009


You didn't need to go to that trouble. Next time just ask me and I'll
send them an e-mail from you.

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer at ziffdavis.com 
http://blogs.pcmag.com/securitywatch/


-----Original Message-----
From: Drsolly [mailto:drsollyp at drsolly.com] 
Sent: Wednesday, July 22, 2009 8:16 PM
To: Tomas L. Byrnes
Cc: Larry Seltzer; funsec at linuxbox.org
Subject: RE: [funsec] Bank security

My bank thinks that PKI is a brand of peanut.

They just wanted a plain, vanilla email. And I sent them one. And
they're 
happy. Hey - the email says it came from me, so they have their
auditable 
verification.

On Wed, 22 Jul 2009, Tomas L. Byrnes wrote:

> Well, if they used PKI, that would be true (that the e-mail could be
> authenticated whereas the fax cannot).
> 
> It is true that you can at least verify the final relay MTA, if you
> control the delivery MTA, which you can't for sure with a fax (caller
ID
> can be spoofed).
> 
> So there is some truth that e-Mail is slightly more verifiable than
fax.
> 
> 
> 
> >-----Original Message-----
> >From: funsec-bounces at linuxbox.org
[mailto:funsec-bounces at linuxbox.org]
> >On Behalf Of Larry Seltzer
> >Sent: Wednesday, July 22, 2009 3:19 AM
> >To: Drsolly; funsec at linuxbox.org
> >Subject: Re: [funsec] Bank security
> >
> >OMFG....
> >
> >Larry Seltzer
> >Contributing Editor, PC Magazine
> >larry_seltzer at ziffdavis.com
> >http://blogs.pcmag.com/securitywatch/
> >
> >
> >-----Original Message-----
> >From: funsec-bounces at linuxbox.org
[mailto:funsec-bounces at linuxbox.org]
> >On Behalf Of Drsolly
> >Sent: Wednesday, July 22, 2009 4:44 AM
> >To: funsec at linuxbox.org
> >Subject: [funsec] Bank security
> >
> >I sent my bank a fax to tell them about my change of address. They
sent
> >a
> >fax back, asking me to phone them. The lady I spoke to, said that
they
> >couldn't do it from a fax, they needed an email. I asked why; she
said
> >that it was so they could be sure it came from me.
> >
> >Apparently, anyone can send an fax, but if an email has me in the
> >from-line, that proves it came from me.
> >
> >And this is a bank.
> >
> >And we wonder why there's fraud ...
> >
> >_______________________________________________
> >Fun and Misc security discussion for OT posts.
> >https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> >Note: funsec is a public and open mailing list.
> >
> >
> >
> >_______________________________________________
> >Fun and Misc security discussion for OT posts.
> >https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> >Note: funsec is a public and open mailing list.
> 






More information about the funsec mailing list