funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Verified by ....

From: <michael.blanchard () emc com>
Date: Tue, 5 Apr 2011 10:38:46 -0400
True, if it's a reputable company, you really don't have to rely on the CoA, but it's good to have if you ever want to 
sell that item.  "reputable company" is the key for sure :)
  But, I've seen tons of Ebay auctions with CoA's that are just a piece of paper without apparent CoA serial numbers.  
I bought a knife at a gun show years back, it was a Chinese display type thing in the shape of a dragon, it was cheap 
and I thought it was cool so I bought it.  It came with a CoA, no serial numbers,  just small paragraph on it stating 
it was genuine.  The blade itself was "limited edition collectable" or something like that...  that type of CoA is 
worthless IMHO :)

 LOL, who knows, maybe in 50 years that "worthless" CoA might be worth more than the dagger :)

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772

From: Patrick Laverty [mailto:patrick_laverty () brown edu]
Sent: Tuesday, April 05, 2011 9:26 AM
To: Blanchard, Michael (InfoSec)
Cc: funsec () linuxbox org
Subject: Re: [funsec] Verified by ....

 I always get a kick out of the "certificates of Authenticity" that people give with an autograph or some other 
collectable item.  Hell, I can print a million of those certificates and have someone's signature printed on them 
too... with a cool color shifting "official seal" too!

Without trying to hijack, actually if it's a good company giving out the CoA, then it has a number on it that matches 
to a database in the company that will tell you exactly what the item is and who the autograph is of.  Sometimes, the 
item will have a second serial number that is also matched in the database.  Now, if you can print up a million of 
those CoAs AND get that info into their database, sure, you've beat the system.  But simply printing up a CoA from a 
reputable company doesn't get the job done.  If you're selling fake memorabilia to someone who doesn't check the serial 
number, then they're not someone who needs a CoA anyway.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: