Thursday, October 05, 2006

Why don't my Gmail, Yahoo Mail, and Hotmail certify my emails for me?

Recently I read an article in the WSJ that advises people not to trust any email from financial institutions. The passage is quoted below:

Don't trust email from financial institutions. Email is so easily manipulated by crooks that you simply should never, ever consider any email from a financial institution as legitimate. The message may bear a bank's or a broker's logo, but you should never respond to such an email, and never click on any link it contains.

I feel very sorry for those banks that are trying really hard to convince their customers to switch to paperless statements. I feel very sorry for the trees too.

Stanford researchers have designed a method to prevent phishing, which is very simple and "useful" (quoted because I am not sure if it is hackable once it is widely used).

But I wonder, why don't my email service providers just certify those bank email senders for me? GYM (Google, Yahoo, Microsoft) could just get the public key from Citi Bank, verify the email, and tell me this email is authenticated to be secure.

We all know PKI is the best and most secure method, and it has been tested for over 20 years. Did you know that even the RSA patent expired in 2000? The only reason for PKI's failure is the difficulty of managing the public keys. It is extremely difficult to ask my hundreds of pals to update my public key after my private key is stolen. However, this should not be a problem for those big players. After so many years of competition and consolidation, I guess 90% of people are common customers of GYM, Citi Bank, MBNA, BOA, WM, WF, etc. It should not be difficult for them to manage a PKI.
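A sketch of the provider-side check proposed above, including the one-time key swap after a key theft. This is an added example, not code from the original post or from any mail provider. The `bank.example` domain, the `Provider` class, the three result labels and the demo keys (built from Mersenne primes, so trivially factorable) are all assumptions made for illustration.

```python
import hashlib

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo header

def keypair(p, q, e=65537):
    n = p * q
    return (n, e), pow(e, -1, (p - 1) * (q - 1))   # ((n, e), private exponent d)

def encode(sender, body, n):
    """EMSA-PKCS1-v1_5 encoding of SHA-256 over sender + body, as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(sender.lower().encode() + b"\n" + body.encode()).digest()
    k = (n.bit_length() + 7) // 8
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def bank_sign(sender, body, pub, d):
    """Bank side: sign with the private exponent d."""
    return pow(encode(sender, body, pub[0]), d, pub[0])

class Provider:
    """Mail provider side: one registry of bank public keys for all users."""
    def __init__(self):
        self.keys = {}                      # sender domain -> (n, e)
    def register(self, domain, pub):        # also used to rotate a stolen key
        self.keys[domain.lower()] = pub
    def classify(self, sender, body, signature=None):
        domain = sender.rsplit("@", 1)[-1].lower()
        if domain not in self.keys:
            return "unverified"             # no key on file: make no claim
        n, e = self.keys[domain]
        if signature is None or not 0 < signature < n:
            return "forged"                 # claims a registered bank, no valid signature
        ok = pow(signature, e, n) == encode(sender, body, n)
        return "verified" if ok else "forged"

def demo():
    # Constructed keys from Mersenne primes: trivially factorable, for illustration only.
    old_pub, old_d = keypair(2**521 - 1, 2**607 - 1)
    new_pub, new_d = keypair(2**1279 - 1, 2**2203 - 1)
    gym, sender, body = Provider(), "alerts@bank.example", "Your statement is ready."
    gym.register("bank.example", old_pub)
    sig = bank_sign(sender, body, old_pub, old_d)
    results = [gym.classify(sender, body, sig),                       # genuine
               gym.classify(sender, "Click here to log in.", sig),    # reused signature
               gym.classify(sender, body),                            # unsigned spoof
               gym.classify("news@shop.example", body)]               # unregistered sender
    gym.register("bank.example", new_pub)   # bank reports key theft; provider swaps key once
    results.append(gym.classify(sender, body, sig))                   # old key now rejected
    results.append(gym.classify(sender, body, bank_sign(sender, body, new_pub, new_d)))
    return results
```

The signature covers the sender address as well as the body, so a valid signature cannot be lifted onto a message with different text or a different claimed sender.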
