I was attending a Legal Issues on E-Commerce lecture yesterday and I was amazed by the superficial knowledge of the audience on security matters. Being totally ignorant is something I understand, since they may have never had the chance to learn about it, but believing you know about it when you don't is absolutely disappointing.
So we were talking about digital signatures on e-mails and online transactions in general and a guy claimed that when you apply for an e-mail address and give out your name and address, it is the provider's obligation to verify that info and therefore when you get a mail from someone you really should trust its source (yeap, the "From:" field). Can you believe it?
OK, maybe he has never heard of spoofing an e-mail address or taking over one's account, but how can he be so sure of the facts to argue that an electronic message coming through a "known and well-respected" provider's network is something you can trust?
Anyhow, here are some Wikipedia links concerning Digital Signatures, Electronic Signatures (totally different object) and Public-Key Certificates.