Wednesday, March 3, 2004
E-mail just can't be trusted anymore at all
Today I finally received a few e-mails that proved once and for all that plain old ordinary e-mail cannot be trusted at all.

Why can't I trust e-mail? The basic answer is that e-mail sent over the Internet is based entirely on trust, and that trust can easily be betrayed by unethical people.

I received four different e-mails with a virus attached. They looked completely authentic. The problem is that I'm the owner of the birman.org and birman.com domains and I know that there are no users named management@birman.org, administration@birman.com or administration@birman.org. Great directions to install a virus on your computer though...

The last message example is another wonderful example of the same type of virus. Maureen did NOT e-mail me the attached document.

Grrrr...

There is a way around this DUMB problem. The generic answer is to have a method by which the sender is proven to actually be the sender and the message is proven not to have been changed between when it was sent and when it was received. The next step up would be to send messages that only the receiver can read.

The specific answer is to use public key cryptography on all e-mail messages. So, tomorrow I'll be digging up explanations of what I'm talking about. I promise to fill in some details which should make it easy to trust that any e-mail I send really is from me.
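The two properties described above (proof of sender, proof the message was not changed) can be shown with a detached signature, as an added example that is not part of the original post. It assumes Ed25519 as the signature scheme, a hypothetical X-Demo-Signature header and a constructed owner@example.org sender; real signed mail uses OpenPGP or S/MIME formats instead.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"io"
	"net/mail"
	"strings"
)

// signedBytes is what the signature covers: the claimed sender and the body.
func signedBytes(from, body string) []byte {
	return []byte("From: " + from + "\n\n" + body)
}

// Sign returns a message carrying an Ed25519 signature in the
// hypothetical X-Demo-Signature header (an assumption of this example).
func Sign(priv ed25519.PrivateKey, from, body string) string {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedBytes(from, body)))
	return "From: " + from + "\r\nX-Demo-Signature: " + sig + "\r\n\r\n" + body
}

// Verify accepts a message only if the public key the receiver has on file
// for its From address signed exactly this sender and body.
func Verify(keys map[string]ed25519.PublicKey, raw string) bool {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return false
	}
	from := msg.Header.Get("From")
	body, _ := io.ReadAll(msg.Body)
	sig, err := base64.StdEncoding.DecodeString(msg.Header.Get("X-Demo-Signature"))
	pub, known := keys[from]
	if err != nil || !known {
		return false // no key on file for this sender, or unreadable signature
	}
	return ed25519.Verify(pub, signedBytes(from, string(body)), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)                       // nil selects crypto/rand
	keys := map[string]ed25519.PublicKey{"owner@example.org": pub} // constructed address
	good := Sign(priv, "owner@example.org", "See you Friday.")
	forged := "From: management@birman.org\r\n\r\nPlease open the attachment." // constructed
	fmt.Println("signed: ", Verify(keys, good))
	fmt.Println("altered:", Verify(keys, strings.Replace(good, "Friday", "Monday", 1)))
	fmt.Println("forged: ", Verify(keys, forged))
}
```

A From line alone parses without complaint, which is why the forged message looks authentic; only the signature check tells the three cases apart.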

Grrr.

Here are the four example e-mails that I received today:
Spam 1
Spam 2
Spam 3
Spam 4

I gotta give the virus writers credit on these e-mail messages. Completely believable and hard to really see any problems with the messages unless you know better. And it's all a trick to get the naive user to open an attachment to install a virus.
10:29:21 PM