CDR: Re: Good work by FBI and SEC on Emulex fraud case
Tim May
tcmay at got.net
Wed Sep 6 14:02:56 PDT 2000
At 11:44 AM -0700 9/6/00, Bill Stewart wrote:
> >At 1:12 PM -0700 8/31/00, Eric Murray wrote:
>>>A small note: IW digitally-signing the releases would not
>>>have made a difference in this case-- the guy used his knowledge
>>>of IW's procedures to social-engineer IW into accepting the
>>>fake release without doing their usual checking procedures.
>
>At 01:22 PM 8/31/00 -0700, Tim May wrote:
>>The system I envision would mean each chunk of text ("press release")
>>would carry a digital sig, which could be checked multiple times.
>>Hard for social engineering to get past the fact that Emulex, say,
>>had not digitally signed their own alleged press release.
>
>How often do people check signatures?
>If they check them, and they pass, how often do they check keys?
>
Don't know. But not the problem of those issuing press releases. That
_some_ people check signatures, whether electronic or inked, and
_other_ people _don't_ doesn't lessen the significance of signing.
Those who bother to check a putative press release and find the
attached signature doesn't match what they have seen from Web sites
(and related "widely witnessed events," including hashes published in
the company's financial documents, etc.) will have competitive
advantages over those who don't bother to check and just hit the
panic button.
Sounds fair to me. Sounds like evolution in action.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
More information about the cypherpunks-legacy
mailing list