funsec mailing list archives

Re: Bank security

From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Wed, 22 Jul 2009 11:28:31 -0700

Well, if they used PKI, that would be true (that the e-mail could be
authenticated whereas the fax cannot).

It is true that you can at least verify the final relay MTA, if you
control the delivery MTA, which you can't for sure with a fax (caller ID
can be spoofed).

So there is some truth that e-Mail is slightly more verifiable than fax.

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer
Sent: Wednesday, July 22, 2009 3:19 AM
To: Drsolly; funsec () linuxbox org
Subject: Re: [funsec] Bank security

OMFG....

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Drsolly
Sent: Wednesday, July 22, 2009 4:44 AM
To: funsec () linuxbox org
Subject: [funsec] Bank security

I sent my bank a fax to tell them about my change of address. They sent
a
fax back, asking me to phone them. The lady I spoke to, said that they
couldn't do it from a fax, they needed an email. I asked why; she said
that it was so they could be sure it came from me.

Apparently, anyone can send an fax, but if an email has me in the
from-line, that proves it came from me.

And this is a bank.

And we wonder why there's fraud ...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
  - Re: Bank security John C. A. Bambenek, GCIH, CISSP (Jul 22)
  - Re: Bank security Tomas L. Byrnes (Jul 22)
    - Re: Bank security Drsolly (Jul 22)
    - Re: Bank security Larry Seltzer (Jul 22)
    - Re: Bank security Drsolly (Jul 22)
- Re: Bank security Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 22)
- Re: Bank security Rob Thompson (Jul 22)
  - Re: Bank security Drsolly (Jul 22)
- Re: Bank security Rich Kulawiec (Jul 23)
  - Re: Bank security Drsolly (Jul 23)
  - Re: Bank security Rob Thompson (Jul 23)
- <Possible follow-ups>
- Re: Bank security Drsolly (Jul 22)