Order of the Bath

According to the news you can now sign up to receive security alerts from MI5 direct. I was going to write about this yesterday but I had no luck in finding it on their web site. Even the What’s New page doesn’t mention it—to save you the effort, the page is here (Contact Us) though I see that there is now (sometimes) a link under the What’s New paragraph on the front page (the secure and plain versions of the home page have different content).

Anyway, I am rather disappointed that they have only set this up using a communication system that is, itself, fundamentally insecure. By this I mean e-mail. It is not that there is any particularly sensitive information being sent, but that is not all security is about. Spoof e-mails are widespread and all sorts of fun and games could be had by issuing bogus MI5 alerts, even if they are not strictly on topic. There is widespread misunderstanding of what MI5 does anyway.

A much better system would be to use an RSS feed, especially as systems to use them are now widely available (IE7, Firefox, Thunderbird etc.) The thing that is lacking is public understanding of the system, but what a good opportunity for education; there is nothing better than a want-to-know to get people to learn.

[Update]
You can get a Firefox plugin that displays the threat level.
The implementation was a shambles. Although the form may be on a secure page (depending on how you get to it), the data is transmitted in plain text straight to a commercial direct mail organisation in the USA.

This entry was posted on 10 Jan 2007 at 10:59 by Rick and is filed under email, Miscellaneous, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.