Digital Signatures
Part 1 of 3 - Roger Siddle
An article in the Guardian newspaper some while ago claimed 'your personal email set-up can be changed in just a few simple clicks to allow fraudsters to divert financially sensitive emails to their own account without you knowing anything about it'.
It tells how someone had their Gmail web settings changed so that the 'Filter' tab included a rule to select every email that 'Has the words' = 'bank account' and forward them to a hacker. Bank account details in the email were then altered and the email sent back to the victim, who unwittingly paid money into the hacker's account.
Now that my wife and I are retired, we take longer holidays and sometimes rent houses abroad. Often private owners can't accept credit cards and insist that we pay the rent upfront into their bank account. Naturally they send us details of the account by email, raising the possibility of a similar fraud.
If this could apply to you, open up your web browser and access your Gmail account. Click 'Settings' in the top right corner of the screen, then check both the 'Filters' tab and the 'Forwarding' tab to make sure there is nothing set up that you don't know about.
This is a classic instance of the 'man in the middle' security problem. If a third party can read your mail, they may learn something to their advantage; but if they can alter your mail without your knowing, they can lure you or your business into great danger.
To encrypt your email so that nobody but the recipient can read it, you need encryption software, which brings problems of its own. See Princeton - Guide to Using Encryption Around the World for advice on taking encrypted laptops and encryption software out of the USA.
These three articles deal with digitally signing a document to ensure that nobody has tampered with it. This would have foiled the exploit described above, but please note - it does not encrypt the text of the message. Anyone intercepting the email can read it.
The facility to create digital signatures is built into everyday products like Microsoft Office and Outlook. The reason they are not more widely used is that you need a Public Key Certificate to prove your identity (see Wikipedia for background). There are practical ways in which the ICUFR can help Rotarians acquire digital certificates, which will be covered in the second part of this article.
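To make the point above concrete, here is a small added example (not code from the article, and not how Outlook itself does it, which uses a certificate-based S/MIME signature). It uses the Ed25519 signature scheme from Go's standard library, generates a throwaway key pair in place of a real Public Key Certificate, and walks through the fraud described earlier: the sender signs an email containing a bank account number, the message is altered in transit, and the recipient's verification fails. The message text and account numbers are constructed for the example. Note that the altered text is still perfectly readable; the signature only tells the recipient it is not what the sender wrote.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Check is what the recipient learns after verifying a signed message.
type Check struct {
	Readable string // the text as delivered: signing does not hide it from anyone
	Valid    bool   // true only if the text is byte-for-byte what the sender signed
}

// NewKeyPair stands in for the sender obtaining a key pair. In real use a Public
// Key Certificate binds the public half to an identity; here the pair is simply
// generated in memory for the example.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign produces a detached signature over the message bytes using the sender's private key.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify checks the delivered message against the signature with the sender's public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) Check {
	return Check{Readable: string(msg), Valid: ed25519.Verify(pub, msg, sig)}
}

// Tamper imitates the man in the middle swapping the account number while the
// email is in transit (the signature travels with the message unchanged).
func Tamper(msg []byte, from, to string) []byte {
	return []byte(strings.Replace(string(msg), from, to, 1))
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample email body; the account number is made up.
	original := []byte("Please pay the rent into account 12345678 at Example Bank.")
	sig := Sign(priv, original)

	genuine := Verify(pub, original, sig)
	fmt.Printf("genuine: valid=%v text=%q\n", genuine.Valid, genuine.Readable)

	// The fraudster replaces the account number and forwards the email on.
	altered := Tamper(original, "12345678", "99999999")
	forged := Verify(pub, altered, sig)
	fmt.Printf("altered: valid=%v text=%q\n", forged.Valid, forged.Readable)
}
```

Running it prints valid=true for the genuine message and valid=false for the altered one, while both texts print in full: exactly the property the article describes, tampering is detected but nothing is kept secret.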
For background information on encryption here is a good starting point:
Beginner’s Guide to Cryptography & Some Useful Resources