Apr 1, 2008

Secure Email from Voltage

Voltage offers one of the many alternatives present in the industry for secure encrypted email communication. It is supposed to have incorporated strong anti-phishing technology within it. Could very well be, but there is a huge problem with the whole concept. You see, the way it is supposed to work is:

1. I type an email - and then choose to encrypt via voltage and send

2. Receiver gets an email with my email-address in the "From:" field, but with content stating something like "You have received an encrypted email. To view your email, click on the attachment.." - and a neat little html attachment presents itself for you to click.

3. Receiver - knows all about Voltage and its anti phishing technology - and hence assumes it is safe to click on a link / open the attachment.

Sheeeesh. No option to type a url and go to Voltage's website. No notification that I could be sent to sushi-land.. nothing..

.. More phish anyone ?


Ingrum said...

Try it yourself with the Voltage Security Network 30 day free trial:


Random InfoSec Guy said...

I already did - and you should be able to see that in your logs :). But you're missing the point already, if you think someone needs to download your 30 day trial to understand the issue, ingrum. If Joe receives an email - from Sally - that has an html attachment - and beckoning him to click on it...., what would - no - what SHOULD Joe do ? double click on it just because the email text states it is safe and not a phishing email ?

MB said...
This comment has been removed by the author.