funsec mailing list archives
Re: Bank security
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 23 Jul 2009 01:20:15 +0100 (BST)
I already sent your bank an email, notifying them of your change of email address. On Wed, 22 Jul 2009, Larry Seltzer wrote:
You didn't need to go to that trouble. Next time just ask me and I'll send them an e-mail from you. Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ -----Original Message----- From: Drsolly [mailto:drsollyp () drsolly com] Sent: Wednesday, July 22, 2009 8:16 PM To: Tomas L. Byrnes Cc: Larry Seltzer; funsec () linuxbox org Subject: RE: [funsec] Bank security My bank thinks that PKI is a brand of peanut. They just wanted a plain, vanilla email. And I sent them one. And they're happy. Hey - the email says it came from me, so they have their auditable verification. On Wed, 22 Jul 2009, Tomas L. Byrnes wrote:Well, if they used PKI, that would be true (that the e-mail could be authenticated whereas the fax cannot). It is true that you can at least verify the final relay MTA, if you control the delivery MTA, which you can't for sure with a fax (callerIDcan be spoofed). So there is some truth that e-Mail is slightly more verifiable thanfax.-----Original Message----- From: funsec-bounces () linuxbox org[mailto:funsec-bounces () linuxbox org]On Behalf Of Larry Seltzer Sent: Wednesday, July 22, 2009 3:19 AM To: Drsolly; funsec () linuxbox org Subject: Re: [funsec] Bank security OMFG.... Larry Seltzer Contributing Editor, PC Magazine larry_seltzer () ziffdavis com http://blogs.pcmag.com/securitywatch/ -----Original Message----- From: funsec-bounces () linuxbox org[mailto:funsec-bounces () linuxbox org]On Behalf Of Drsolly Sent: Wednesday, July 22, 2009 4:44 AM To: funsec () linuxbox org Subject: [funsec] Bank security I sent my bank a fax to tell them about my change of address. Theysenta fax back, asking me to phone them. The lady I spoke to, said thattheycouldn't do it from a fax, they needed an email. I asked why; shesaidthat it was so they could be sure it came from me. Apparently, anyone can send an fax, but if an email has me in the from-line, that proves it came from me. And this is a bank. And we wonder why there's fraud ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security John C. A. Bambenek, GCIH, CISSP (Jul 22)
- Re: Bank security Tomas L. Byrnes (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Larry Seltzer (Jul 22)
- Re: Bank security Drsolly (Jul 22)
- Re: Bank security Drsolly (Jul 23)
- Re: Bank security Rob Thompson (Jul 23)
- <Possible follow-ups>
- Re: Bank security Drsolly (Jul 22)