UK Government has an idea

As reported elsewhere, The UK government today launched a service, ITsafe, for advising citizens about viruses and other threats. It comes from the NISCC (National Infrastructure Security Coordination Centre).

To quote the website:

ITsafe is designed to provide both home users and small businesses with proven, plain English advice to help protect computers, mobile phones and other devices from malicious attack. It consists of both the Advice on this website, and a low-volume Alerting Service.

While this is potentially good news, that’s not directly the point of this blog entry. However, one tiny aspect of the alerting service shows an interesting idea.

When a consumer signs up to receive alerts, they’re asked to provide
a "safeword": this is to reduce the risk of spoofing. All messages the service
sends will use this word in the subject line. A consumer can then
quickly check that the message has really come from ITsafe, as
someone else would not know the safeword.

This is an interesting idea, and one that banks and credit card companies
could learn from. It appears to be a lightweight, yet powerful way to foil phishing attacks. However, there’s the potential for this to cause a false sense of
security. We’ll cover this tomorrow.

[Edited Feb 25 2005 11am PST: adds concerns about false sense of security, a subject for a future blog entry.]

Post a comment

You must be logged in to post a comment. To comment, first join our community.