By now, french bank Societe General's huge loss is well known. And while the intricacies that led to such a loss remain unclear, Jerome Kerviel, the man presently at the center of the storm, has apparently revealed to authorities that he was able to pull off some of his stunts by using forged emails. That is, at least, what can be found in the Le Monde newspaper's article covering transcripts of Kerviel's interrogation. Here is the relevant portion roughly translated:
I provided false evidence of these transactions, basically forged emails. I created a forged email using a capability available to me in our internal messaging system, basically a function that enables me to reuse the header of an email that was sent to me while replacing the email's content. I was then able to type the text I wanted and the email appeared as being genuine.
That is an extraordinary statement in and of itself and should sound the alarm for any organization that depends on emails' contents for executing critical decisions. Basically, casual conversations asside, if you cannot tie an email's content to a verifiable origin, you shouldn't act on the contents.
And while there are a few email authentication schemes around, it's important to note that few enable recipients to reliably tie a body to its real-world origin (i.e. a legally-formed company or actual individual) and much less tie headers' contents to a body, especially as header content changes greatly in transit. A decent email authentication mechanism should be robust enough to continue providing recipients with verifiable information even when some email parts might have changed. For example, it should allow the recipient to check the validity of the body's content even if the "to" or "from" or even "subject" fields may have changed in transit.
In sum, the Societe General scandal should serve as an eye-opener for those who feel that email authentication is simply a matter of getting rid of spam. In fact, email authentication is crucial to any real-life scenario where critical decisions are taken based on the content of an email. And, as we know from the above, from other headlines and even from some laws in effect in certain jurisdictions, email is considered by many to be an authoritative document. Those in the know, however, realize that there is no technical basis for such a mindset. For now at least.
I disagree with the categorical statement that you should act on e-mail that isn't verifiable. The choice of whether to act on it should depend on the consequences both of acting and not acting. It is when the potential cost of the actions is high that verifiability is necessary. A simple example would be two messages from my wife, one asking me to pick up the kids after work, and the other telling me to go ahead and authorize payment on a large purchase. I'll verify the second one by calling her, but on the first, I'll just show up to pick up the kids.
However, that is not an argment against making e-mail secure. Far from it. Providing secure e-mail means that verifiability is there when it is necessary. It will effectively lower the threshold at which people will typically check to be sure, if they can know at a glance.
Posted by: Anonymous | February 04, 2008 at 02:53 PM
i agree with you dude
Posted by: banka | May 03, 2008 at 12:03 PM
Vimax Pills are the best and most reasonably priced penis enlargement pills on the market today. Men have a 94-98% Success Rate with the Vimax Pills ...
Posted by: vimax | February 18, 2010 at 01:33 AM
sounds awesome! and this post is just gorgeous!*
Posted by: coach outlet stores | November 01, 2010 at 09:35 PM
*All this cannot be accomplished overnight.
Posted by: christian louboutin | November 11, 2010 at 01:48 AM
I LOVE this! SO cute!*
Posted by: coach factory stores | November 11, 2010 at 08:30 PM
Tomorrow is an other day!@
Posted by: air max 90 | November 12, 2010 at 08:29 PM
Good at planning, good at time management.*
Posted by: coach outlet stores | November 15, 2010 at 10:11 PM
i am agree with the previous comments.
Posted by: cialis super active | December 05, 2010 at 11:36 PM
When you're in a not good position and have got no money to go out from that, you would require to receive the loans. Because it will aid you for sure. I take collateral loan every year and feel fine just because of that.
Posted by: Lisa18Alston | December 06, 2010 at 12:43 AM
Do something to have faith, believe in yourself
Posted by: coach outlet online | January 02, 2011 at 08:12 PM
Um...like the style of your writing.*_*
Posted by: Taobao buy | January 05, 2011 at 10:30 PM
Strong authentication of email really need of the day. Thanks for sharing this useful article.
Posted by: Vimax pills reviews | January 11, 2011 at 04:39 AM
* be happy together is good enough. I am not asking for things that I could never get.
Posted by: Taobao English | January 21, 2011 at 07:58 PM
It will effectively lower the threshold at which people will typically check to be sure, if they can know at a glance.
Posted by: ClubPenguinCheats | March 22, 2011 at 10:29 PM
it's horrible....maybe this is some haker do this?
Posted by: writer jobs | March 23, 2011 at 10:44 AM
This is totally awesome. I like what you have in here. thanks for sharing.
Posted by: affordable health insurance | April 19, 2011 at 01:44 AM
You've made a good point. thanks!
Posted by: slim fast diet plan | April 25, 2011 at 01:43 PM
This is really good article. But from Europe your blog are to slow:( I dont know why!
Posted by: order cigarettes | April 28, 2011 at 08:14 AM
be happy together is good enough. I am not asking for things that I could never get.
Posted by: Herve leger | May 12, 2011 at 10:03 PM
I am simply out of words after reading your blog. I want to appreciate the way you handled such a complicated subject.
Posted by: 646-205 | May 16, 2011 at 05:44 AM
I truly enjoyed this. It has been extremely informative as well as useful.thanks for sharing the information.
Posted by: Recruitment to Recruitment London | May 16, 2011 at 07:54 AM
I found your website perfect for my needs. It contains wonderful and helpful posts. I have read most of them and got a lot from them.
Posted by: mesothelioma symptom | May 17, 2011 at 07:12 AM
This is a really good read for me. its really very good post. Thanks for posting this informative article.
Posted by: Historical Swords | May 17, 2011 at 01:23 PM
It will effectively lower the threshold at which people will typically check to be sure, if they can know at a glance.
Posted by: authentic air jordan shoes | June 12, 2011 at 11:17 PM