
Another day another phishing scam

When will companies realise that there is a solution to phishing? If eBay/PayPal and the other main websites started to sign every email they send out, we’d be able to set up users’ PCs to auto-validate those signatures and instruct people never to visit a link to PayPal/eBay unless the email shows up as valid. Using KMail’s colour highlighting as an example: valid emails have a green border, unknown ones yellow and invalid ones red.

Not everyone would be capable of installing the software required for public key encryption, such as GnuPG; however, usually everyone knows someone who knows how to set up and install software. Once it’s installed and the relevant keys have been downloaded from the top sites and added to the public keyring, we would at least have a way to eliminate forged emails.

Received an email from services@paypal.com or anything@paypal.com, not showing green? Then delete it. Showing green, then still exercise caution but at least you can place more trust in the email than currently.
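The colour rule above can be sketched as follows. This is an added example, not code from the original post, KMail or GnuPG: it reads the machine-readable lines that `gpg --status-fd` prints during verification and shows green only when the signing key matches a fingerprint pinned for the sender's domain. The `PINNED` table, its placeholder fingerprint and the sample status lines are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: sender domain -> fingerprint of the key that site published.
# The fingerprint is a constructed placeholder, not a real key.
PINNED = {"paypal.com": "A" * 40}

def parse_status(status_text):
    """Map each gpg --status-fd keyword to its argument list."""
    seen = {}
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            seen[parts[1]] = parts[2:]
    return seen

def classify(from_header, status_text, pinned=PINNED):
    """Return 'green', 'yellow' or 'red' for one message.

    Green is only given to pinned domains here; everything else that is
    not provably bad stays yellow (unknown).
    """
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    status = parse_status(status_text)
    expected = pinned.get(domain)
    if "BADSIG" in status:
        return "red"  # signature does not match the message body
    args = status.get("VALIDSIG", [])
    if expected and "GOODSIG" in status and args:
        # First field is the signing key fingerprint, last the primary key's.
        if expected in (args[0], args[-1]):
            return "green"
    # Claims a pinned domain but is unsigned or signed by some other key.
    return "red" if expected else "yellow"

def sample_status(fpr):
    """Constructed status output in the shape gpg writes for a good signature."""
    return (f"[GNUPG:] GOODSIG {fpr[-16:]} PayPal <service@paypal.com>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2007-01-01 1167609600 0 4 0 1 2 00 {fpr}\n")

if __name__ == "__main__":
    print(classify("PayPal <service@paypal.com>", sample_status("A" * 40)))
    print(classify("service@paypal.com", ""))                       # unsigned
    print(classify("service@paypal.com", sample_status("B" * 40)))  # wrong key
```

A look-alike domain such as `paypa1.com` is not in the pin table, so an unsigned message from it comes out yellow rather than red; the protection comes from acting only on green.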

Attacks may change to modifying your public key and so on, but these would require compromising the user’s PC, and if that happens all bets are pretty much off for any kind of end-user security.

The thing is, these websites wouldn’t have to require that people use PKI to receive emails; they would just sign them and leave the rest up to the end users. Those who don’t know or don’t care will just have a MIME attachment that can be ignored. Those who do care, or have someone set it up for them, will have an extra layer of security.

Although I’m running Windows again, when I did use Linux for the majority of this year I have to say KMail made PKI a snap. You could automate everything (aside from decryption/signing, which required you to enter your password – unless you used a caching system such as keyring of the KDE ssh add-in). PKI in the form of PGP and the better (imo) GnuPG has been around for 10 years or so and yet it’s still nowhere near mainstream. I look through the number of computer-savvy friends and people I know via the internet and count perhaps 1 or 2 others that use it.

It’s a shame that such a technologically sound principle has not been put to work in the mainstream.

Support GnuPG and help put one extra hurdle in the paths of phishers and scammers.

 

Petals around the rose

I regularly visit the hlccl.com forums and today someone posted a link to an interesting puzzle game. It managed to stump me for several hours on and off until I finally gave in and looked up the answer, I just had to otherwise I’d have done no work at all today and I’ve projects to finish :P

Anyhow, here’s the link to the game: Petals around the rose

And here’s an interesting article about Bill Gates playing it:
Petals Around the Rose Article

I won’t post the solution, you can always google it but believe me you’ll wish you’d kept at it instead of feeling silly for missing the bleeding obvious.

This sort of game would make for a nice and easy T2D project for any newcomers to T2D, plus you could then annoy all your relatives by making them play through it :P

 
 
© 2005-2007 Gary Preston