Thursday, 24 February 2005

UK.Gov has idea, shocker

Categories: , , , , .

As reported elsewhere, The UK government now has a service, ITsafe, for advising citizens about viruses and other threats. It comes from the NISCC (National Infrastructure Security Coordination Centre).

To quote the website:

ITsafe is designed to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack. It consists of both the Advice on this website, and a low-volume Alerting Service.

While this is potentially good news, that's not directly the point of this post. However, one tiny aspect of the alerting service shows an interesting idea.

When a consumer signs up to receive alerts, they're asked to provide a "safeword": this is to reduce the risk of spoofing. All messages the service sends will use this word in the subject line. A consumer can then quickly check that the message has really come from ITsafe, as someone else would not know the safeword.

This is an interesting idea, and one that banks and credit card companies could learn from. It appears to be a lightweight, yet powerful way to foil phishing attacks. However, there's the potential for this to cause a false sense of security. We'll cover this tomorrow.

[Edited Feb 25 2005 7.30pm UTC: adds concerns about false sense of security, a subject for a future blog entry.]

No comments:

Post a comment