Does IM stand for insecure messaging?
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Does IM stand for insecure messaging?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Does IM stand for insecure messaging?

    http://news.zdnet.com/2100-1009_22-5...=zdfd.newsfeed

    most of which rely for their proliferation on ignorance of their existence among users and IT administrators.
    the best way to help people protect themselves is to instill the same distrust regarding Web links or attachments sent via IM that they have been taught to apply to e-mail.
    Which do you think is the greater culprit, in this case, the software or the user?

    From most of what I've read it doesn't seem like the client software has been exploited until the user took ill advised action.

    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
    Share on Google+

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    PEBKAC

    Problem Exists Between Keyboard And Chair
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
    Share on Google+

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I am not aware of *any* exploits that impact (up-to-date) IM applications without user-intervention. As always, the user is the weakest link in an attack like this. Technical attacks are usually easy to fix once they are understood (or we wouldn't have the booming Configuration Management sub-set of the industry), but human failures and misunderstanding or lack of common sense have been a problem ever since that Trojan commander let the big wooden horse inside the city walls of Troy.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Instant Messaging Continues to Advance as an Attack Vector for Hackers to Gain Access

    http://www.wwwcoder.com/main/parenti...6/default.aspx

    IM's acceptance rate continues to grow. In fact, industry research firm IDC predicts that there will be over 450 million worldwide users of consumer and business IM products by the end of 2007
    Today, Websense Security Labs has discovered highly sophisticated IM attacks that spread malicious code and worms directly into an organization without any end-user intervention. Hackers have now begun to utilize IM as a new vector for phishing and pharming scams, by sending out mass messages to thousands of IM users which request the recipient to click on a link which takes them to a fraudulent website. These malicious or fraudulent sites either request personal information from the end user or automatically download and run keyloggers, worms or viruses on the user's machine-creating an open backdoor for hackers.
    Every article user clicks this user clicks that. How many years have they been preaching discretion with e-mail. Hopefully it won't take as many years for people to realize the same risks apply to IM and virtually everything else they do on their computers.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
    Share on Google+

  5. #5
    the other threat is one of privacy but also one of safety some people accidentally save their conversations on public computers and that gives some one a chance to profile them on the other hand it is usefull to police if some one comes up missing or murdered they can check for clues on the persons computer
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    Today, Websense Security Labs has discovered highly sophisticated IM attacks that spread malicious code and worms directly into an organization without any end-user intervention. Hackers have now begun to utilize IM as a new vector for phishing and pharming scams, by sending out mass messages to thousands of IM users which request the recipient to click on a link which takes them to a fraudulent website. These malicious or fraudulent sites either request personal information from the end user or automatically download and run keyloggers, worms or viruses on the user's machine-creating an open backdoor for hackers.

    If the user has to click on a reciept, isn't that user intervention? Without the user interacting with the IM client.... it aint going to expliot the box, or am I wrong?

    Oh... and in general.. IM stands for Instant Moron.
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!
    Share on Google+

  7. #7
    It's time to brush my teeth
    Share on Google+

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Aenema, as always, thanks for your wonderful input. Your posts are always so informative.

    More IM info, no real surprise but

    Report: Companies unprepared for IM attacks

    A recent survey conducted by the IT security company found that 90 percent of the 7,500-plus businesses it spoke with have established policies to manage use of e-mail, but 49 percent have no official rules in place to govern IM and peer-to-peer software usage.
    .. so buy our new IM protection.

    I'm surprised that 51% have an IM policy, maybe all the attention is paying off .... or they lie

    http://news.zdnet.com/2100-1009_22-5...=zdfd.newsfeed
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    We have a policy in place, but I doubt anyone much pays attention to it. Of my small group of users, only two actually use peer-to-peer or IM, and they both far out rank me within the company, so... :S

    I am not really surpized that 51% do have a policy, my best bet is their ASP blanket covers email/IM/P2P etc. The only reason I included it here was because IM caused some issues at a job I worked before, so it was an issue in my head when I wrote the ASP.
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!
    Share on Google+

  10. #10
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    MrCoffee, I'm assuming ASP = Acceptable Use Policy, or some similar term/document?

    I hear you loud and clear. My current client doesn't have an in your face policy (it's in their Usage Policy, if you read far enough back into it), but it doesn't matter. They block everything and it's cousin both inbound and out. Help yourself, install all the IM clients you want...your traffic bounces off the electronic barrier. "Well I'll just proxy it through port 80!" you say? Websense takes care of that.

    It's a great setup. The downside is it takes a higher level of effort to engineer, administrate, and document the network architecture and policies. And it does feel somewhat draconian at times.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides