|
interesting-people message[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home] Subject: [IP] more on Felon released after receiving forged fax
Begin forwarded message: From: Bob Frankston <Bob2-0406@bobf.frankston.com> Date: November 11, 2004 2:25:09 PM EST To: dave@farber.net, 'Ip' <ip@v2.listbox.com> Subject: RE: [IP] Felon released after receiving forged fax Nothing amazing except that it's surprisingly uncommon but this particular scam is not new but it's also part of a far older tradition. Letters of credit sent by telex were easy to forge. For all the talk about digital security, the legal system seems to assume treat faxes as security and pass around detached signature pages when it would be trivial to add a digital signature that associates the page with a specific instance of a document. The practice of creating multi hundred page documents with no way to check against a base document or previous revision is also common. This is part of the gross and willful technical naiveté of the legal "profession". In their defense being too careful comes at a price and it's like over insuring -- fixing things up later is often far better even if we get occasional slipups. The effective answer is somewhere between. What makes phishing a particularly nasty form of these scams or, more to the point, confidence games, is that it's reaching out to a wider audience that lacks the means to do a reality check. We haven't really developed such means yet -- the best you can do is eyeball the URL in a browser to see if you think it's right. Certification and all are only relative to certifiers who trust and the current approaches are stiflingly hierarchical. Getting back to this particular case, we have the problem of open loop signaling. At very least one can reduce these problems by having a policy of doing what some of us call reality checking -- phoning the court house for confirmation. Of course, it's far easier to call the number on the fax than looking it up... -----Original Message----- From: owner-ip@v2.listbox.com [mailto:owner-ip@v2.listbox.com] On Behalf Of David Farber Sent: Thursday, November 11, 2004 11:16 To: Ip Subject: [IP] Felon released after receiving forged fax Begin forwarded message: From: Srini RamaKrishnan <cheeni@cmu.edu> Date: November 11, 2004 11:11:28 AM EST To: dave@farber.net Subject: [For IP] Felon released after receiving forged fax Amazing case of social hacking. Srini http://www.theeveningtimes.com/articles/2004/11/04/news/news5.txt [...] In West Memphis District Court yesterday, Tristian Wilson was set to appear on the docket for a bond hearing on the charges. When he did not appear, Judge William "Pal" Rainey inquired about his release and found that a jail staff member released Wilson by the authority of a fax sent to the jail late Saturday night. According to Assistant Chief Mike Allen, a fax was sent to the jail which stated "Upon decision between Judge Rainey and the West Memphis Police Department CID Division Tristian Wilson is to be released immediately on this date of October 30, 2004 with a waiver of all fines, bonds and settlements per Judge Rainey and Detective McDugle." Jail Administrator Mickey Thornton said that these faxes are part of a normal routine for the jail when it comes to releasing prisoners, however, this fax was different. According to Allen, this fax was a fake. [...] Also see, http://www.schneier.com/blog/archives/2004/11/hacking_faxes.html ------------------------------------- You are subscribed as BobIP@Bobf.Frankston.com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Archives at: http://www.interesting-people.org/archives/interesting-people/ [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home] Search: Match: Sort by: Powered by eList eXpress LLC |