Don't send diamonds to Russia

I've been asked by a reader to tell you a little about my views on security; particularly in relation to website security and why it's important.

Internet security is a big topic and it will take me some weeks to cover most of the key aspects but I thought I would start with a few very basic concepts and a little puzzle for you to think about.

The transparent envelope

The simple and important thing to understand is this; most of the correspondence you send over the Internet is sent in a transparent envelope.

This includes two key things;

details you enter into forms (including your password - if the site is not encrypted)
most, if not all, of your email correspondence

And when you send an email or fill in a form you're almost never talking directly to the second party. Your communication is being relayed through dozens of third party servers where anyone with access can read what you're sending without you ever knowing.

In other words; anyone working in the transit postal system or in the mail room at either end can read what you're sending.

Take some basic precautions

To protect yourself a little you can take a few very basic precautions.

First - don't use the same password for everything and use a complex password. I'll be explaining why password complexity is so important in a few weeks but for now please take my word for it.

Second - don't send secure details like credit card information or passwords around in email.

Finally - make sure you check before you sign up, sign in or hand over credit card details that the site you're using is secure. You can do this by checking the web address starts https rather than http - though most browsers these days will show you a clear green marker the address bar to validate the encryption certificate being used.

An illustrative puzzle!

There's a lot more to say on this topic so for now I'm going to leave you with a puzzle.

Boris and Doris want to get married and Boris would like to send his fiancée a diamond ring. Unfortunately the Russian postal system is so corrupt that anything of value will get stolen in transit unless it is in a locked box.

By "anything of value" I include padlocks, open boxes and especially keys - as well as diamonds of course.

How does Boris successfully send Doris the diamond ring without it being stolen in transit... using only the components of value given above?

If you think you know the answer why not post it in the comments below. If you don't then sign up to receive my weekly bulletin because I'll post the answer in my next security related article in a few weeks.

Robert said “Boris” years ago

OK, so he cannot send an open box or one that needs key or padlocks. He has to send it in a locked box that has no intrinsic value. I assume he cannot write anything on the outside of the box such as radioactive as they will deem that to have value and steal it.

Nope, still cannot work it out. But enjoyed it all the same

Daniel said “Boris and Doris” years ago

The Easy Solution:

Boris sends Doris a locked box with the diamond ring inside. Doris calls Boris once the package has arrived. Boris then sends the key.

The Public Key Solution:

Boris puts the diamond ring in a box, locks it and sends it to Doris.

Doris locks the box again with her lock and sends the box back.

Boris removes his lock and sends it to Doris.

Doris removes the final lock and gets the diamond ring.

Oli said “Your puzzle” years ago

Boris sends Doris a box with the diamond ring in, locked with a padlock only he has the key for.

Only he can open it so when it arrives with Doris she can't get at it.

However, she adds her padlock to the box and returns the box, keeping the key.

Upon receiving the box back Boris can unlock and remove his padlock, but can no longer open the box, as he doesn't have Doris' key.

Regardless, Boris returns the locked box to Doris, who removes the only remaining padlock, her padlock, using her key, opens the box and retrieves her ring.