November 08, 2004

Get out of jail free, the FAX version

While the problem is quite real and worthy of serious discussion, the story about a prisoner released because of a faked FAX that Bruce Schneier wrote about in Hacking Faxes really had me laughing.

However, the phony letterhead and misspelling weren't the only clues that the fax was bogus. The time and date stamp at the top of the fax shows that the fax was sent Saturday at 11:16 p.m. from McDonald's on Missouri Street in West Memphis.

Despite the time of night, the discrepancies and the overall look of the fake fax, it was accepted. Shortly after it was received on Saturday, Wilson was released from jail.

Social hacking is always going to be a problem (and may often be the weakest link) in any secure system. In the interest of convenience, systems and procedures can often make these attacks easier. In this case, loose controls on official messages (judicial expediency is usually a good thing) to the central jail (forged release documents are not a new phenomenon) were a problem.

Here, it wasn't too hard to figure out what went wrong (low-tech paper saves the day?).

In a world where a massive amount of messaging is happening, and billions of systems are interconnected in planned (and unplanned) ways, tracking down the root cause is going to be a significant challenge.

Posted by Dave at November 8, 2004 08:40 PM