CDR: Re: Good work by FBI and SEC on Emulex fraud case
Bill Stewart
bill.stewart at pobox.com
Wed Sep 6 11:44:35 PDT 2000
>At 1:12 PM -0700 8/31/00, Eric Murray wrote:
>>A small note: IW digitally-signing the releases would not
>>have made a difference in this case-- the guy used his knowledge
>>of IW's procedures to social-engineer IW into accepting the
>>fake release without doing their usual checking procedures.
At 01:22 PM 8/31/00 -0700, Tim May wrote:
>The system I envision would mean each chunk of text ("press release")
>would carry a digital sig, which could be checked multiple times.
>Hard for social engineering to get past the fact that Emulex, say,
>had not digitally signed their own alleged press release.
How often do people check signatures?
If they check them, and they pass, how often do they check keys?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
More information about the cypherpunks-legacy
mailing list