PGP "master keys"

Anne & Lynn Wheeler lynn at garlic.com
Mon May 1 13:56:18 EDT 2006


leichter_jerrold at emc.com wrote:
> A similar issue occurs in a civilian context, sometimes with fake
> employees, other times with fake bills.  Often, these get found
> because they rely on the person committing the fraud being there
> every time a check arrives:  It's the check sitting around with no
> one speaking for it that raises the alarm.  The long-standing
> policy has been to *require* people in a position to handle those
> checks to take their vacation.  (Of course, with direct deposit
> of salaries, the form of the fraud, and what one needs to do to
> detect it, have changed in detail - but probably not by much.)

multi-party operations were supposedly a countermeasure to single person
insider threats. the fraud response was collusion. so by at least the 
early 80s you started seeing work on collusion countermeasures. 25 years 
later, things have regressed to a pre-occupation with intrusion threats 
and intrusion countermeasures; even tho insiders have continued to be 
the major source of fraud through the whole period. insiders may even 
leverage the pre-occupation with intrusion to obfuscate the source of 
the exploit.

somewhat related issue with regard to sarbanes-oxley and auditing 
assumptions about independent information sources looking for 
inconsistencies.
http://www.garlic.com/~lynn/2006h.html#58 Sarbanes-Oxley
http://www.garlic.com/~lynn/2006i.html#1 Sarbanes-Oxley

and a couple recent articles about current fraud pre-occupation
SSL Trojans: The next Great Bank Heist
http://www.infoworld.com/reports/18SRsslmalware.html
Ripped Off: Identity Theft - A View from the Financial Services
Industry
http://www.mondaq.com/article.asp?article_id=39334&mostpopular=1

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com