Re: Verified by ....

[Drsolly <drsollyp () drsolly com>]

It's like this.

If someone bets you $100 that they can make the ace of spades leap out of 
the pack and spit cider in your ear, don't take the bet, or you're wind up 
with an earful of cider.

In this case, the possible-scammer is telling me that the thing that he is 
able to make, the pink heat sensitive thingy, proves that it is what he 
says it is.

No, it doesn't. It only proves that he can make a piece of paper wioth a 
heat-sensitive thingy.

The key to this will be, can I giv4e it to my bank and get cash from it? 
If I can, then it becomes SEP.

On Mon, 4 Apr 2011 michael.blanchard () emc com wrote:

> It's just a bit harder to counterfeit with the little heat sensitive doo-dad on it.
>
> It also gives "normal" people the warm and fuzzies.  People like things like that, makes them feel that the company 
> is serious about security.  In reality, it's no better than a picture of my big toe on the thing....  or, as you say, 
> the words printed "I'm genuine"
>
>   I always get a kick out of the "certificates of Authenticity" that people give with an autograph or some other 
> collectable item.  Hell, I can print a million of those certificates and have someone's signature printed on them 
> too... with a cool color shifting "official seal" too!
>
>  Mike B
>
> Michael P. Blanchard
> Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
> Office of Information Security & Risk Management
> EMC ² Corporation
> 32 Coslin Drive
> Southboro, MA 01772
>
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Drsolly
> Sent: Monday, April 04, 2011 3:41 PM
> To: funsec () linuxbox org
> Subject: [funsec] Verified by ....
>
> I just got a moneygram. There's this cute thing thats a pink stop sign, 
> it's heat sensitive, if you touch it, it fades and the reappears. It tells 
> you so on the moneygram, and it's true.
>
> I'm confused about why they think that this is any different from a 
> document that says "I'm genuine".
>
> And I still can't get my bank to believe that asking me for my date of 
> birth is any kind of evidence that I am who I say I am.
>
>
> Don't these people have *any* kind of security theory training? Or even 
> any common sense?
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.