Nikkin's May 5 reportAccording to a report, the Financial Services Agency has asked financial institutions to reconsider their practice of sending password-protected ZIP files by email (known as PPAP). This is because there is a risk of information leakage if the recipient's security software cannot detect malware (malicious programs).The plan is to check whether improvements are being made through future inspections and monitoring.(!!)It seems so.
When exchanging opinions with regional banks in May, a senior official at the FSA stated clearly that "sending password-protected files should not be done in principle." The basic rule is to encrypt email communication routes, and if this is difficult, they are asked to use alternative methods such as online storage. Shizuoka Bank and Kyoto Bank are already moving to abolish PPAP, switching to a method of sending dedicated URLs rather than attaching files to emails. However, there are still many financial institutions that continue to use PPAP.
Until now, many institutions have used the "PPAP" system (named by the PPAP Research Institute) to send a password-protected file by email and then send the password separately later.Mr. Taiji) has been used, but the risks of eavesdropping and malware infection have been pointed out. For example, the July 2020 issue of "Information Processing," the journal of the Information Processing Society of Japan, states:Special Issue on the Journal of Information Processing Society of Japan, "Goodbye, Meaningless Encrypted ZIP Attachment Emails"We have been working together to point this out.
The contents of the special feature wereKoichi EdoAfter consulting with Mr., the result is as follows. (All articles are available for free.)
- 0.Editorial Notes - Ritual Security PPAP: Towards a Security Renaissance in Japan
- 1. What is PPAP? - The dark history of its development
- 2. Security Significance of PPAP
- 3. Why did we start doing PPAP?
- 4. Panel discussion: "How to eliminate PPAP from society"
- Natsuhiko Sakimura, Akira Ota, Masanori Kusunoki, and Tetsutaro Uehara
This feature was later published in37th Telecom Interdisciplinary Research AwardWas awarded.
While we were creating this special feature, the COVID-19 pandemic hit, and the roundtable discussion was held online, so the authors were not all in attendance. Therefore, in the photos of the roundtable discussion, one of the authors appeared in a Vtuber-like appearance.
that is thisNewsWhen the song was broadcast,The 29th Shirahama Symposium on Cybercrime" was being held, and by some miracle, all four of the authors were there, so we took a commemorative photo. It may have been the first time that all four of us had been physically together since the special feature.
