Thursday, 24. February 2005

According to the Beeb Beeb Ceeb, we now have a government IT service, ITsafe, intended to offer security awareness to home users and small businesses in the UK. This complements the existing National Infrastructure Security Co-ordination Centre, which I never use anyway, preferring to get my information from SANS and CERT.
Sadly, my initial experience of the service is not encouraging. At its signup form, ITsafe requires an "ITsafe word" said to be "a security feature used on the ITsafe website to help reduce the risk of someone spoofing our e-mails".
So far so good. But on submitting the form, complete with email address and mobile phone number (they offer SMS alerts as well as email), no confirmation step is offered.
In other words, we have here an open loop opt-in process through which it is trivially simple to sign up email addresses other than one's own, ITsafe word or no.
Maybe the ITsafe word will help weed out spoofed ITsafe emails (probably not - the intended audience isn't that sophisticated and will probably not spot the absence of their ITsafe word in spoofed emails), but the open loop opt-in process means that some people will inevitably end up receiving genuine ITsafe emails without having asked for them. Can anyone say "spam"?
Here's hoping ITsafe gets its act together and soon.
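For contrast with the open loop signup described above, here is a closed loop (confirmed opt-in) flow, added as an example and not ITsafe's code or part of the original post. The function names, in-memory stores, signing key and 24-hour token lifetime are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # signing key for confirmation tokens (assumed)
TOKEN_TTL = 24 * 3600             # confirmation link lifetime in seconds (assumed)

pending = {}         # address -> issue time of the outstanding confirmation token
subscribers = set()  # only addresses that completed confirmation get alerts


def _sign(address, issued):
    msg = f"{address}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_signup(address, now=None):
    """Step 1: record the request and return the token to mail to `address`.

    Nothing is added to `subscribers` here, so someone who types in another
    person's address causes at most one confirmation message, not a subscription.
    """
    issued = int(time.time() if now is None else now)
    address = address.strip().lower()
    pending[address] = issued
    return f"{issued}.{_sign(address, issued)}"


def confirm_signup(address, token, now=None):
    """Step 2: only the mailbox owner sees the token; presenting it closes the loop."""
    now = int(time.time() if now is None else now)
    address = address.strip().lower()
    try:
        issued_str, mac = token.split(".", 1)
        issued = int(issued_str)
    except ValueError:
        return False                      # malformed token
    if pending.get(address) != issued:
        return False                      # no matching request (or already used)
    if now - issued > TOKEN_TTL:
        return False                      # token expired
    if not hmac.compare_digest(mac.encode(), _sign(address, issued).encode()):
        return False                      # token forged or issued for another address
    del pending[address]                  # single use
    subscribers.add(address)
    return True
```
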