funsec mailing list archives
Re: Bank security
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 22 Jul 2009 20:17:55 -0400
You didn't need to go to that trouble. Next time just ask me and I'll send them an e-mail from you. Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ -----Original Message----- From: Drsolly [mailto:drsollyp () drsolly com] Sent: Wednesday, July 22, 2009 8:16 PM To: Tomas L. Byrnes Cc: Larry Seltzer; funsec () linuxbox org Subject: RE: [funsec] Bank security My bank thinks that PKI is a brand of peanut. They just wanted a plain, vanilla email. And I sent them one. And they're happy. Hey - the email says it came from me, so they have their auditable verification. On Wed, 22 Jul 2009, Tomas L. Byrnes wrote:
Well, if they used PKI, that would be true (that the e-mail could be authenticated whereas the fax cannot). It is true that you can at least verify the final relay MTA, if you control the delivery MTA, which you can't for sure with a fax (caller
ID
can be spoofed). So there is some truth that e-Mail is slightly more verifiable than
fax.
-----Original Message----- From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer Sent: Wednesday, July 22, 2009 3:19 AM To: Drsolly; funsec () linuxbox org Subject: Re: [funsec] Bank security OMFG.... Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ -----Original Message----- From: funsec-bounces () linuxbox org
[mailto:funsec-bounces () linuxbox org]
On Behalf Of Drsolly Sent: Wednesday, July 22, 2009 4:44 AM To: funsec () linuxbox org Subject: [funsec] Bank security I sent my bank a fax to tell them about my change of address. They
sent
a fax back, asking me to phone them. The lady I spoke to, said that
they
couldn't do it from a fax, they needed an email. I asked why; she
said
that it was so they could be sure it came from me. Apparently, anyone can send an fax, but if an email has me in the from-line, that proves it came from me. And this is a bank. And we wonder why there's fraud ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security John C. A. Bambenek, GCIH, CISSP (Jul 22)
- Re: Bank security Tomas L. Byrnes (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Drsolly (Jul 23)
- Re: Bank security Rob Thompson (Jul 23)
- <Possible follow-ups>
- Re: Bank security Drsolly (Jul 22)