7 Sep
2000
7 Sep
'00
1:49 a.m.
At 1:12 PM -0700 8/31/00, Eric Murray wrote:
A small note: IW digitally-signing the releases would not have made a difference in this case-- the guy used his knowledge of IW's procedures to social-engineer IW into accepting the fake release without doing their usual checking procedures.
At 01:22 PM 8/31/00 -0700, Tim May wrote:
The system I envision would mean each chunk of text ("press release") would carry a digital sig, which could be checked multiple times. Hard for social engineering to get past the fact that Emulex, say, had not digitally signed their own alleged press release.
How often do people check signatures? If they check them, and they pass, how often do they check keys? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1