On Thu, Aug 31, 2000 at 12:50:58PM -0700, Tim May wrote: > > > I just watched the live press conference by the FBI, District > Attorney's Office, and SEC folks. The full story should be on Yahoo > and other news sites. The gist is that an arrest was made this > morning. > > A former Internet Wire employee, who left in early August, was the > arrestee. Internet Wire was of course the service which passed on the > false press release. > [...] > However, such a world will produce other changes which work in the > other direction. Digitally-signed press releases, for example, are > easy to do. (And I expect them to start happening Real Soon Now. > Possibly with the strong urging of the SEC and others.) A small note: IW digitally-signing the releases would not have made a difference in this case-- the guy used his knowledge of IW's procedures to social-engineer IW into accepting the fake release without doing their usual checking procedures. The story last saturday in the Merc about this said something to the effect that he'd fooled the "day staff" into beleiving that the "night staff" had already approved the release, and thus the "day staff" didn't need to do any fact checking. If they did digitally sign the releases, this one would have been so signed. Of course that doesn't make it any less untrue. The signature just protects it from detectable modification _after_ it's been sent. When/if we do ever have the common use of digitally-signed PR, documents etc, I wonder how much people will be fooled into thinking that the contents must be correct, because after all, they're signed? -- Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5 Consulting Security Architect
