Shostack + Friends Blog Archive


"A Roadmap for Forgers"

Ed Felten has a great post over at Freedom To Tinker about Rather-Gate:

In the recent hooha about CBS and the forged National Guard memos, one important issue has somehow been overlooked — the impact of the memo discussion on future forgery. There can be no doubt that all the talk about proportional typefaces, superscripts, and kerning will prove instructive to would-be amateur forgers, who will know not to repeat the mistakes of the CBS memos’ forger. Who knows, some amateur forgers may even figure out that if you want a document to look like it came from a 1970s Selectric typewriter, you should type it on a 1970s Selectric typewriter. The discussion, in other words, provides a kind of roadmap for would-be forgers.

On top of educating forgers, the debate, at least for those who followed it, has provided an education in document authentication. So not only are the forgers smarter, but so is the general public. That’s a very good thing.

Many security problems are built into products because the designers don’t know about a problem, or become convinced that no one else will discover it. A better educated public helps to address both these issues: Designers are more likely to know about problems, and once they know them, management is less likely to dismiss them as improbable or obscure.