With effect from 15th July 2008, Get Safe Online will operate the ITsafe Warning Service using government-sourced information.
Get Safe Online is a joint initiative between the government, the Serious Organised Crime Agency (SOCA) and private sector sponsors from the worlds of technology, retail and finance to help individuals and small businesses protect themselves against internet security risks.
Existing subscribers will notice some minor differences after this date, but the service will remain fundamentally unchanged.
The main differences are:
- The “From:” email address for future messages will change from noreply@itsafe.gov.uk to itsafe@getsafeonline.org.
- Emails will not include the “ITsafe Word” any more. You can verify alerts by visiting the website.
- ITsafe had three different types of information: alerts, warnings and news. Get Safe Online will merge the three types into a single feed online, by email and RSS.
- The messages may use a different format, but the underlying information is still sourced from within HM Government.
- The supporting web pages will be hosted at http://www.getsafeonline.org/go/itsafe. If you go to the old ITsafe.gov.uk site, you will automatically be forwarded to the new site.
{ 1 trackback }
{ 6 comments… read them below or add one }
Re point 2 – you should use OpenPGP/GnuPG digital signatures for verification too.
Have you by any chance been given the wrong (old) subscriber data by HM Govt?
I thought I unsubscribed from ITsafe about 12 months ago. I have had no communications in that time. But now I am hearing from them/you again.
I guess this could be because I left myself subscribed in some other, hardly used, warning feed and that now you have amalgamated them.
Ironically, having thought I was unsubscribed and having not heard from ITsafe from 12 months+, I treated the email from GSO cautiously as a phishing attempt of some sort.
We have the latest data but it is possible that you stopped getting messages because they were being spam filtered and now we are sending them, they’re getting through your spam filter. Anyway, whatever the reason, it’s pretty easy to unsubscribe. There are instructions in the alert emails themselves and you can go to http://www.getsafeonline.org/go/unsubscribe.
I don’t think we’re going to do digital signatures. For our target audience of home users and small businesses, the uptake of PGP-like software is very, very limited. Simply validating the email against the original on the site (or even better taking out an RSS subscription) is simpler for the vast majority of users.
The uptake of email digital signature software is inded limited, but it’s going to continue to be limited if services which would benefit from it – such as this and online banking alerts – don’t start to use it. It’s a shame if there’s no desire to promote best practice as part of this service.
Also, congratulations on getting a working RSS feed back on the site. (You’re subscribed to your own feeds and know it broke, I hope.)
Yes, we knew it broke. With the ITsafe thing and a major site redesign in the works, we managed to miss a minor technical issue with the blog that messed up the feed for a while but it’s working now.
As for the signatures, I know what you mean. In an ideal world and all that. It’s sort of chicken and egg. I suppose uptake is the easy rationalisation. Underlying it is the fact that encryption and signature stuff is just difficult to use for most people.
We’re fighting the good fight to get people updating their software, installing a/v and firewalls and generally behaving sensibly online. Basic stuff and people still don’t do it – even when they run a real risk of personal loss by not doing so. Asking them to go get PGP and install it in order to check the validity of email alerts (compared to just checking the website) is a step too far.
PGP users are like the Stig and the rest of us are like Captain Slow. We’ll get there eventually!