funsec mailing list archives
Re: Verified by ....
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 5 Apr 2011 00:04:59 +0100 (BST)
It's like this. If someone bets you $100 that they can make the ace of spades leap out of the pack and spit cider in your ear, don't take the bet, or you're wind up with an earful of cider. In this case, the possible-scammer is telling me that the thing that he is able to make, the pink heat sensitive thingy, proves that it is what he says it is. No, it doesn't. It only proves that he can make a piece of paper wioth a heat-sensitive thingy. The key to this will be, can I giv4e it to my bank and get cash from it? If I can, then it becomes SEP. On Mon, 4 Apr 2011 michael.blanchard () emc com wrote:
It's just a bit harder to counterfeit with the little heat sensitive doo-dad on it. It also gives "normal" people the warm and fuzzies. People like things like that, makes them feel that the company is serious about security. In reality, it's no better than a picture of my big toe on the thing.... or, as you say, the words printed "I'm genuine" I always get a kick out of the "certificates of Authenticity" that people give with an autograph or some other collectable item. Hell, I can print a million of those certificates and have someone's signature printed on them too... with a cool color shifting "official seal" too! Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 32 Coslin Drive Southboro, MA 01772 -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly Sent: Monday, April 04, 2011 3:41 PM To: funsec () linuxbox org Subject: [funsec] Verified by .... I just got a moneygram. There's this cute thing thats a pink stop sign, it's heat sensitive, if you touch it, it fades and the reappears. It tells you so on the moneygram, and it's true. I'm confused about why they think that this is any different from a document that says "I'm genuine". And I still can't get my bank to believe that asking me for my date of birth is any kind of evidence that I am who I say I am. Don't these people have *any* kind of security theory training? Or even any common sense? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Verified by .... Drsolly (Apr 04)
- Re: Verified by .... Valdis . Kletnieks (Apr 04)
- Re: Verified by .... Drsolly (Apr 04)
- Re: Verified by .... michael.blanchard (Apr 04)
- Re: Verified by .... Drsolly (Apr 04)
- Re: Verified by .... Valdis . Kletnieks (Apr 04)
- Message not available
- Re: Verified by .... michael.blanchard (Apr 05)
- Re: Verified by .... Drsolly (Apr 04)
- Re: Verified by .... Valdis . Kletnieks (Apr 04)