Banking Follies

Adam Shostack adam at
Tue Jan 16 14:36:18 EST 2007

On Sun, Jan 14, 2007 at 03:31:22PM -0500, Steven M. Bellovin wrote:
| Anyway -- we're so focused in this group on the Internet that we
| sometimes forget about physical world attacks.  Theft of financial data
| (and financial objects, such as checks and credit cards) from physical
| mailboxes (or garbage cans) is quite commonplace, and is -- according to
| some -- a more significant vector for identity theft than Internet fun
| and games.  The Wall Street Journal advised people to use electronic
| statements for just that reason (see
| also note the list at

If I had any confidence that my banks would send me emails that I
could authenticate, I might take that advice.  My banks seem to take
pleasure in overcoming every heuristic I can find for authentication,
sending emails from arbitrary domains, obfuscating their HTML, etc.

At least none (that have made it through my spam filter) have fallen
to the level of AT&T Wireless (or perhaps they were Cingular at that
point) who sent me a Javascript executable email encrypted with my SSN
as the key.


