From ukcrypto at chiark.greenend.org.uk Mon Jun 18 14:22:10 2007
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Mon, 18 Jun 2007 14:22:10 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
Message-ID: <46768702.7010206@defoam.net>

This is to be done by software from Sapior, whose managing director,
Robert Navarro, assures us it is adequate to the currently envisaged or
declared task. (Pulse, newspaper for GPs this week)

From ukcrypto at chiark.greenend.org.uk Mon Jun 18 17:38:01 2007
From: ukcrypto at chiark.greenend.org.uk (Ian G Batten)
Date: Mon, 18 Jun 2007 17:38:01 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
In-Reply-To: <46768702.7010206@defoam.net>
References: <46768702.7010206@defoam.net>
Message-ID:

On 18 Jun 2007, at 14:22, Adrian Midgley wrote:

> This is to be done by software from Sapior, whose managing director,
> Robert Navarro, assures us it is adequate to the currently
> envisaged or
> declared task. (Pulse, newspaper for GPs this week)

Perhaps we should ask Mr Grainger for his opinion?

ian

From ukcrypto at chiark.greenend.org.uk Mon Jun 18 16:13:09 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Mon, 18 Jun 2007 16:13:09 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
Message-ID: <4676AF15.23395.11E81F6@localhost>

On 18 Jun 2007 at 14:22, Adrian Midgley wrote:

> This is to be done by software from Sapior, whose managing director,
> Robert Navarro, assures us it is adequate to the currently envisaged
> or declared task. (Pulse, newspaper for GPs this week)

Whether it is adequate and whether it is adequate for the currently
envisaged or designed task are two very distinct questions. Given the
total lack of brain the NHS have demonstrated for years, anyone
remember Red Herring, it is unlikely that they can envisage anything
useful.
I have no idea about the currently declared task, but assume it was
devised by the same bods responsible for all the cockups we hear about.
These things are certainly not adequate. A case in point is the stupid
database in England on all children, which will allow thousands of
officials to prey on children. I see that they now propose that
children of "famous" people will be "shielded". Why should "famous"
people be exempt? Presumably what this means is that any Tom, Dick and
Harriet official will not be allowed to find out that Mr Liar's
daughter tried to kill herself, but they will be able to find out that
the daughters of plebs tried to kill themselves.

-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Mon Jun 18 23:15:01 2007
From: ukcrypto at chiark.greenend.org.uk (Brian Morrison)
Date: Mon, 18 Jun 2007 23:15:01 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
In-Reply-To:
References: <46768702.7010206@defoam.net>
Message-ID: <20070618231501.24f0225a@peterson.fenrir.org.uk>

On Mon, 18 Jun 2007 17:38:01 +0100
Ian G Batten wrote:

>
> On 18 Jun 2007, at 14:22, Adrian Midgley wrote:
>
> > This is to be done by software from Sapior, whose managing director,
> > Robert Navarro, assures us it is adequate to the currently
> > envisaged or
> > declared task. (Pulse, newspaper for GPs this week)
>
> Perhaps we should ask Mr Grainger for his opinion?

Apparently he's resigned, I read today. Or is that the thrust of your
question Ian?

-- 
Brian Morrison

bdm at fenrir dot org dot uk

"Arguing with an engineer is like wrestling with a pig in the mud;
after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

From ukcrypto at chiark.greenend.org.uk Tue Jun 19 09:22:59 2007
From: ukcrypto at chiark.greenend.org.uk (Ian G Batten)
Date: Tue, 19 Jun 2007 09:22:59 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
In-Reply-To: <20070618231501.24f0225a@peterson.fenrir.org.uk>
References: <46768702.7010206@defoam.net> <20070618231501.24f0225a@peterson.fenrir.org.uk>
Message-ID: <23A5B532-B0CA-4C53-89D6-1FA0E0FE15F0@uk.fujitsu.com>

On 18 Jun 2007, at 23:15, Brian Morrison wrote:

> O
>> Perhaps we should ask Mr Grainger for his opinion?
>
> Apparently he's resigned, I read today. Or is that the thrust of your
> question Ian?

It is, indeed, the thrust of my question.

ian

From ukcrypto at chiark.greenend.org.uk Tue Jun 19 14:12:25 2007
From: ukcrypto at chiark.greenend.org.uk (Adrian Midgley)
Date: Tue, 19 Jun 2007 14:12:25 +0100
Subject: Pseudonymisation of identities in BT's projected NHS Spine
In-Reply-To: <20070618231501.24f0225a@peterson.fenrir.org.uk>
References: <46768702.7010206@defoam.net> <20070618231501.24f0225a@peterson.fenrir.org.uk>
Message-ID: <4677D639.5090208@defoam.net>

Brian Morrison wrote:

>> Perhaps we should ask Mr Grainger for his opinion?
>>
>
> Apparently he's resigned, I read today. Or is that the thrust of your
> question Ian?
>
>

He had only intended to work at NPfIT/CfH/NHSCfH for five years, by
one, official account. A week or two ago he is reported to have said to
a newspaper that he wished or looked forward to steering the programme
into calmer waters. Hell of a week.
From ukcrypto at chiark.greenend.org.uk Wed Jun 20 19:19:24 2007
From: ukcrypto at chiark.greenend.org.uk (Ross Anderson)
Date: Wed, 20 Jun 2007 19:19:24 +0100
Subject: Newsnight tonight
Message-ID:

We helped make a piece on ATM fraud a few weeks ago for Newsnight,
pointing out that law enforcement on bank fraud is now deeply corrupt.
The Home Office did a deal with the banks so that fraud victims must
report the crime to the bank, not the police; the City force's card
squad is a tied cottage (as Nick put it) as the banks pay its bills;
ditto the Met's e-crime squad; ditto the Financial services ombudsman.
This is jolly nice for the banks when the fraud is done by a bent
insider they don't want exposed, and jolly nasty for the poor customer.
It's also jolly nice for terrorists such as the Tamil Tigers who use
ATM fraud to raise money to finance murder and mayhem. It's really
wonderful for government spin doctors as fraud figures have fallen to
near zero.

I'm now told that the programme will run tonight. Unfortunately a lot
of its teeth have been drawn (below)

Ross

**

Date: Wed, 20 Jun 2007 19:09:10 BST
To:
From: *** @bbc.co.uk>
Subject: newsnight

Just to let you know. The piece will run tonight. Sadly we could only
include a small part of your magnificent contribution, so the angle
about the Tamil Tigers was dropped, against my wishes. The banks'
spokesman is coming on afterwards. The Home Office and ACPO both
refused to appear.

Regards

***

From ukcrypto at chiark.greenend.org.uk Wed Jun 20 21:44:24 2007
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Wed, 20 Jun 2007 21:44:24 +0100
Subject: Newsnight tonight
In-Reply-To:
References:
Message-ID: <467991A8.1020809@iosis.co.uk>

Pity you didn't do it for Channel 4.

Peter

Ross Anderson wrote:

> We helped make a piece on ATM fraud a few weeks ago for Newsnight,
> pointing out that law enforcement on bank fraud is now deeply
> corrupt.
> The Home Office did a deal with the banks so that fraud
> victims must report the crime to the bank, not the police; the City
> force's card squad is a tied cottage (as Nick put it) as the banks
> pay its bills; ditto the Met's e-crime squad; ditto the Financial
> services ombudsman. This is jolly nice for the banks when the fraud
> is done by a bent insider they don't want exposed, and jolly nasty
> for the poor customer. It's also jolly nice for terrorists such as
> the Tamil Tigers who use ATM fraud to raise money to finance murder
> and mayhem. It's really wonderful for government spin doctors as
> fraud figures have fallen to near zero.
>
> I'm now told that the programme will run tonight. Unfortunately a lot
> of its teeth have been drawn (below)
>
> Ross
>
> **
>
> Date: Wed, 20 Jun 2007 19:09:10 BST To:
> From: *** @bbc.co.uk> Subject:
> newsnight
>
> Just to let you know. The piece will run tonight. Sadly we could
> only include a small part of your magnificent contribution, so the
> angle about the Tamil Tigers was dropped, against my wishes. The
> banks' spokesman is coming on afterwards. The Home Office and ACPO
> both refused to appear.
>
> Regards
>
> ***

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 09:11:13 2007
From: ukcrypto at chiark.greenend.org.uk (Ian G Batten)
Date: Thu, 21 Jun 2007 09:11:13 +0100
Subject: Newsnight tonight
In-Reply-To:
References:
Message-ID:

On 20 Jun 2007, at 19:19, Ross Anderson wrote:

> We helped make a piece on ATM fraud a few weeks ago for Newsnight,
> pointing

That presumably explains why I had a slightly dislocating experience
this morning of glancing from loading weights onto a bar to see Ross's
face on the big screen TV...
ian

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 10:16:34 2007
From: ukcrypto at chiark.greenend.org.uk (Russell Wykes)
Date: Thu, 21 Jun 2007 10:16:34 +0100
Subject: Newsnight tonight
References:
Message-ID: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>

----- Original Message -----
From: "Ian G Batten"
To:
Sent: Thursday, June 21, 2007 9:11 AM
Subject: Re: Newsnight tonight

>
> On 20 Jun 2007, at 19:19, Ross Anderson wrote:
>
>> We helped make a piece on ATM fraud a few weeks ago for Newsnight,
>> pointing
>
> That presumably explains why I had a slightly dislocating experience this
> morning of glancing from loading weights onto a bar to see Ross's face on
> the big screen TV...
>
> ian
>
>

Ross's contribution, as we might expect, was superbly competent. Which
is more than could be said for Sandra Quinn from APACS in the
subsequent interview with Jeremy Paxman. The words 'struggling' and
'out of her depth' spring to mind.

Russ

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 15:15:44 2007
From: ukcrypto at chiark.greenend.org.uk (David Hansen)
Date: Thu, 21 Jun 2007 15:15:44 +0100
Subject: Newsnight tonight
In-Reply-To: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>
Message-ID: <467A9620.17402.FC8CEB@localhost>

On 21 Jun 2007 at 10:16, Russell Wykes wrote:

> Ross's contribution, as we might expect, was superbly competent. Which
> is more than could be said for Sandra Quinn from APACS in the subsequent
> interview with Jeremy Paxman. The words 'struggling' and 'out of her
> depth' spring to mind.

Without wishing to inflate the size of Ross' head, I have observed this
before where the banking lobby are concerned. They give the distinct
impression that they have something to hide.
-- 
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
http://www.opsi.gov.uk/acts/acts2000/00023--e.htm#54

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 16:07:11 2007
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Thu, 21 Jun 2007 16:07:11 +0100
Subject: Newsnight tonight
In-Reply-To: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>
References: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>
Message-ID: <467A941F.9050506@iosis.co.uk>

Russell Wykes wrote:

>
> ----- Original Message ----- From: "Ian G Batten"
> To:
> Sent: Thursday, June 21, 2007 9:11 AM Subject: Re: Newsnight tonight
>
> >
> > On 20 Jun 2007, at 19:19, Ross Anderson wrote:
> >
> >> We helped make a piece on ATM fraud a few weeks ago for
> >> Newsnight, pointing
> >
> > That presumably explains why I had a slightly dislocating experience
> > this morning of glancing from loading weights onto a bar to see
> > Ross's face on the big screen TV...
> >
> > ian
> >
> >
> Ross's contribution, as we might expect, was superbly competent.
> Which is more than could be said for Sandra Quinn from APACS in the
> subsequent interview with Jeremy Paxman. The words 'struggling' and
> 'out of her depth' spring to mind.
>
> Russ
>

This takes me back some years to the days when police from I think the
West Midlands were the most active in investigating bank card fraud,
and were having difficulty in getting the Home Office to take their
initiative national. However, the police officers, who appeared at more
than one Smartex forum meeting, were quite candid about the whole
topic: the systems and methods being used by the banks were not secure
enough, so it was really the responsibility of the banks to look after
their customers better. As we know, the banks issued cards and
terminals using only the SDA method, when best advice was to go
straight to DDA - but SDA was cheaper to roll out.
Peter

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 19:40:04 2007
From: ukcrypto at chiark.greenend.org.uk (Brian Morrison)
Date: Thu, 21 Jun 2007 19:40:04 +0100
Subject: Newsnight tonight
In-Reply-To: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>
References: <000001c7b3e5$012baa30$0200a8c0@russelldesktop>
Message-ID: <20070621194004.7342b792@peterson.fenrir.org.uk>

On Thu, 21 Jun 2007 10:16:34 +0100
"Russell Wykes" wrote:

> Ross's contribution, as we might expect, was superbly competent. Which is
> more than could be said for Sandra Quinn from APACS in the subsequent
> interview with Jeremy Paxman. The words 'struggling' and 'out of her depth'
> spring to mind.

Every time I have heard or seen Sandra Quinn (and I'm pretty sure she's
been the APACS spokesperson for a while now) she has appeared to be
floundering without any adequate means of support. It's a shame that
they don't either coach her in presenting a better argument or get her
to accept that not all the banks do is perfect. But we can't have that
now can we?

-- 
Brian Morrison

bdm at fenrir dot org dot uk

"Arguing with an engineer is like wrestling with a pig in the mud;
after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html

From ukcrypto at chiark.greenend.org.uk Thu Jun 21 16:35:00 2007
From: ukcrypto at chiark.greenend.org.uk (Barrie Dempster)
Date: Thu, 21 Jun 2007 16:35:00 +0100
Subject: Newsnight tonight
In-Reply-To:
References:
Message-ID: <467A9AA4.1080804@reboot-robot.net>

Ross Anderson wrote:

> We helped make a piece on ATM fraud a few weeks ago for Newsnight, pointing
> out that law enforcement on bank fraud is now deeply corrupt. The Home Office
> did a deal with the banks so that fraud victims must report the crime to the
> bank, not the police; the City force's card squad is a tied cottage (as Nick
> put it) as the banks pay its bills; ditto the Met's e-crime squad; ditto
> the Financial services ombudsman. This is jolly nice for the banks when the
> fraud is done by a bent insider they don't want exposed, and jolly nasty for
> the poor customer. It's also jolly nice for terrorists such as the Tamil
> Tigers who use ATM fraud to raise money to finance murder and mayhem. It's
> really wonderful for government spin doctors as fraud figures have fallen to
> near zero.

I watched the programme but it was pretty sparse on details of the
acts/rules/guidance specifics. Can someone kindly link me to the
original guidance or public information on this?

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue - http://reboot-robot.net -
"He who hingeth aboot, geteth hee-haw" Victor - Still Game

From ukcrypto at chiark.greenend.org.uk Wed Jun 20 22:25:25 2007
From: ukcrypto at chiark.greenend.org.uk (Owen Lewis)
Date: Wed, 20 Jun 2007 21:25:25 -0000
Subject: Newsnight tonight
In-Reply-To:
Message-ID:

Thanks Ross. One of the very few occasions I regret not having TV. I'll
have to pick it up in the press report tomorrow - unless they've given
you a recording ;-)

Best,

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ross Anderson
> Sent: 20 June 2007 18:19
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Newsnight tonight
>
>
> We helped make a piece on ATM fraud a few weeks ago for
> Newsnight, pointing
> out that law enforcement on bank fraud is now deeply corrupt. The
> Home Office
> did a deal with the banks so that fraud victims must report the
> crime to the
> bank, not the police; the City force's card squad is a tied
> cottage (as Nick
> put it) as the banks pay its bills; ditto the Met's e-crime squad; ditto
> the Financial services ombudsman. This is jolly nice for the
> banks when the
> fraud is done by a bent insider they don't want exposed, and
> jolly nasty for
> the poor customer. It's also jolly nice for terrorists such as
> the Tamil
> Tigers who use ATM fraud to raise money to finance murder and mayhem. It's
> really wonderful for government spin doctors as fraud figures
> have fallen to
> near zero.
>
> I'm now told that the programme will run tonight. Unfortunately a
> lot of its
> teeth have been drawn (below)
>
> Ross
>
> **
>
> Date: Wed, 20 Jun 2007 19:09:10 BST
> To:
> From: *** @bbc.co.uk>
> Subject: newsnight
>
> Just to let you know. The piece will run tonight. Sadly we could only
> include a small part of your magnificent contribution, so the angle
> about the Tamil Tigers was dropped, against my wishes.
> The banks' spokesman is coming on afterwards. The Home Office and ACPO
> both refused to appear.
>
> Regards
>
> ***
>

From ukcrypto at chiark.greenend.org.uk Sun Jun 24 12:08:34 2007
From: ukcrypto at chiark.greenend.org.uk (Peter Tomlinson)
Date: Sun, 24 Jun 2007 12:08:34 +0100
Subject: Newsnight tonight
In-Reply-To:
References:
Message-ID: <467E50B2.3070003@iosis.co.uk>

Owen,

Your email took a very long time to get here (Sun 24th) so by now you
will be unlikely to be able to take advantage of the BBC providing a
'View Again' function on their web site. That was where I saw the
programme, having been out on the night. Good stuff, and it has been
followed up all over the media, with the usual clumsy responses by the
bankers' representatives (one of whom claimed that the banks are using
the best security methods, which we all know is not true).

Peter.

Owen Lewis wrote:

> Thanks Ross. One of the very few occasions I regret not having TV.
> I'll have to pick it up in the press report tomorrow - unless they've
> given you a recording ;-)
>
> Best,
>
> > -----Original Message----- From:
> > ukcrypto-admin@chiark.greenend.org.uk
> > [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ross
> > Anderson Sent: 20 June 2007 18:19 To:
> > ukcrypto@chiark.greenend.org.uk Subject: Newsnight tonight
> >
> >
> > We helped make a piece on ATM fraud a few weeks ago for Newsnight,
> > pointing out that law enforcement on bank fraud is now deeply
> > corrupt. The Home Office did a deal with the banks so that fraud
> > victims must report the crime to the bank, not the police; the City
> > force's card squad is a tied cottage (as Nick put it) as the banks
> > pay its bills; ditto the Met's e-crime squad; ditto the Financial
> > services ombudsman. This is jolly nice for the banks when the fraud
> > is done by a bent insider they don't want exposed, and jolly nasty
> > for the poor customer.
> > It's also jolly nice for terrorists such as
> > the Tamil Tigers who use ATM fraud to raise money to finance murder
> > and mayhem. It's really wonderful for government spin doctors as
> > fraud figures have fallen to near zero.
> >
> > I'm now told that the programme will run tonight. Unfortunately a
> > lot of its teeth have been drawn (below)
> >
> > Ross
> >
> > **
> >
> > Date: Wed, 20 Jun 2007 19:09:10 BST To:
> > From: *** @bbc.co.uk> Subject:
> > newsnight
> >
> > Just to let you know. The piece will run tonight. Sadly we could
> > only include a small part of your magnificent contribution, so the
> > angle about the Tamil Tigers was dropped, against my wishes. The
> > banks' spokesman is coming on afterwards. The Home Office and ACPO
> > both refused to appear.
> >
> > Regards
> >
> > ***
> >

From ukcrypto at chiark.greenend.org.uk Tue Jun 26 12:36:54 2007
From: ukcrypto at chiark.greenend.org.uk (C R Ritson)
Date: Tue, 26 Jun 2007 12:36:54 +0100
Subject: {Slightly ot} Responding to bank phishing requests?
Message-ID: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>

Three of us here were commenting on the increasing fidelity of purported
re-validation requests that attempt to get you to divulge bank details
to criminal third parties.

Would there be any point in poisoning the hacker's list of target
accounts?

How sparse are bank account numbers?

How easily detected would the fakes be?

Would the appearance (I presume) of bank transfer requests for funds
from nonexistent accounts cause the perpetrator to attract unwelcome
attention from officialdom any quicker than is normally the case?

If a set of bogus details happened to collide with someone else's bank
account would I be liable?

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,          EMAIL: C.R.Ritson@ncl.ac.uk
School of Computing Science,        PHONE: +44 191 222 8175
Newcastle University,               FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.
WEB  : http://www.cs.ncl.ac.uk/

From ukcrypto at chiark.greenend.org.uk Tue Jun 26 16:33:40 2007
From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble)
Date: Tue, 26 Jun 2007 16:33:40 +0100
Subject: {Slightly ot} Responding to bank phishing requests?
In-Reply-To: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>
References: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>
Message-ID: <468131D4.8080006@pemble.net>

C R Ritson wrote:

>Three of us here were commenting on the increasing fidelity of purported
>re-validation requests that attempt to get you to divulge bank details
>to criminal third parties.
>
>Would there be any point in poisoning the hacker's list of target
>accounts?
>
>

Yes - both dilution (fake numbers) and spot targeting can be used. The
important things are to have a proper process that does not allow the
fraudsters to trivially strip out the dummy accounts and to know what
you are going to do when the fraudster attempts to access the account.

>How sparse are bank account numbers?
>
>

Not very - and the algorithms for generating the checksum are well
known.

>How easily detected would the fakes be?
>
>

This really depends how much effort you are prepared to put in. If
there is a "genuine" account behind the fake with false balance and a
payments stop, then it will be quite difficult to detect (unless you
make an error at the input end, i.e. entry from one of your own, or a
known, IP address.) You also need to watch out for unique codes in the
phishing emails - I certainly saw these in some Barclays attacks in the
past.

>Would the appearance (I presume) of bank transfer requests for funds
>from nonexistent accounts cause the perpetrator to attract unwelcome
>attention from officialdom any quicker than is normally the case?
>
>

Not unless you count bank staff as officialdom :)

>If a set of bogus details happened to collide with someone else's bank
>account would I be liable?
>
>

If you happened to guess their username and password you're a luckier
man than me. One for the lawyers, I suggest. Maybe it would be similar
to trade secret rules - if you can show that you had no duty of
confidentiality and came across accidentally or by parallel invention -
as opposed to patents.

Matthew

From ukcrypto at chiark.greenend.org.uk Tue Jun 26 20:37:42 2007
From: ukcrypto at chiark.greenend.org.uk (Roland Perry)
Date: Tue, 26 Jun 2007 20:37:42 +0100
Subject: {Slightly ot} Responding to bank phishing requests?
In-Reply-To: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>
References: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>
Message-ID: <5ubllH8GsWgGFA3t@perry.co.uk>

In article
<37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>,
C R Ritson writes

>Three of us here were commenting on the increasing fidelity of purported
>re-validation requests that attempt to get you to divulge bank details
>to criminal third parties.
>
>Would there be any point in poisoning the hacker's list of target
>accounts?
>
>How sparse are bank account numbers?
>
>How easily detected would the fakes be?
>
>Would the appearance (I presume) of bank transfer requests for funds
>from nonexistent accounts cause the perpetrator to attract unwelcome
>attention from officialdom any quicker than is normally the case?

Vigilantism is rarely useful or officially appreciated, and can lead to
nasty accidents.

-- 
Roland Perry

From ukcrypto at chiark.greenend.org.uk Tue Jun 26 20:55:13 2007
From: ukcrypto at chiark.greenend.org.uk (Matthew Pemble)
Date: Tue, 26 Jun 2007 20:55:13 +0100
Subject: {Slightly ot} Responding to bank phishing requests?
In-Reply-To: <5ubllH8GsWgGFA3t@perry.co.uk>
References: <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk> <5ubllH8GsWgGFA3t@perry.co.uk>
Message-ID: <46816F21.4080402@pemble.net>

Roland Perry wrote:

> In article
> <37E80E80B681A24B8F768D607373CA8004219BDF@largo.campus.ncl.ac.uk>, C R
> Ritson writes
>
>> Three of us here were commenting on the increasing fidelity of purported
>> re-validation requests that attempt to get you to divulge bank details
>> to criminal third parties.
>>
>>
>
>
> Vigilantism is rarely useful or officially appreciated, and can lead
> to nasty accidents.

And wading through the heaps of poorly spelled filth when you actually
get access to the web-server logs & underlying database isn't even
entertaining.

M.