Banking Follies
Adam Shostack
adam at homeport.org
Tue Jan 16 14:36:18 EST 2007
On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
| Anyway -- we're so focused in this group on the Internet that we
| sometimes forget about physical world attacks. Theft of financial data
| (and financial objects, such as checks and credit cards) from physical
| mailboxes (or garbage cans) is quite commonplace, and is -- according to
| some -- a more significant vector for identity theft than Internet fun
| and games. The Wall Street Journal advised people to use electronic
| statements for just that reason (see
| http://online.wsj.com/article/SB116830855255470919-search.html?KEYWORDS=%22identity+theft%22&COLLECTION=wsjie/6month);
| also note the list at
| http://www.identitytheftassistance.org/How_Criminals_Steal.html
If I had any confidence that my banks would send me emails that I
could authenticate, I might take that advice. My banks seem to take
pleasure in overcoming every hueristic I can find for authentication,
sending emails from arbitrary domains, obfuscating their HTML, etc,
etc.
At least none (that have made it through my spam filter) have fallen
to the level of AT&T Wireless (or perhaps they were Cingular at that
point) who sent me a Javascript executable email encrypted with my SSN
as the key.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list