myspace IM at work

[Computernerd22]

IM curious if someone has 'myspace IM' on one of the workstations at work (small office consists of two desktops and one notebook). Some of the employees like to use 'myspace IM at work'. Couple questions,

#1. Does it post any type of security threat? If so, how?

#2. Im curious if someone is chatting with someone inside the office using "myspace IM" can the DATA (traffic) inside the office can it be sniffed by a packet sniffer from someone outside of the network? Basically, the other person their chatting with on myspace IM? All help is greatly appreciated.
CN22

[nihil]

Well CN22,

My personal view is that "Myspace" is actually "Theirspace" and has no place in the office which is "Yourspace" and your equipment and time?

Myspace has been attacked, and all social networking sites are attractive distribution centres for bad stuff in general. Individuals' accounts are not well regulated to prevent this.

Basically, they are so large and change so rapidly it would be a near impossible task.............. a bit like trying to moderate a large IRC network?

IM is another communications conduit along which you can be attacked by worms, spyware and God knows what else. Main problem as I see it is that people are probably more relaxed in their "community" and so are less vigilant?

One other concern I would have is regarding regulatory compliance, and the concept of legal "discovery". I haven't seen any cases but I would strongly suspect that external IM would be considered an "electronic record" that you might be required to produce?................a real PITA if you don't monitor it.

Just my £0.02

[foxyloxley]

if it's just inernal IM messaging
get MS Communicator ...........

Just finished a contract with Unilever, and they use it, and they DO have quite a few employees

just so long as you are on the same domain
or in the same forest
or in the ......................... you get the picture
YOUR data stays on YOUR network

then snuff out the opposition

[Heart Xlr8r]

I've got a question.. Why do people use myspace? I mean haven't they heard of what happened? people all over the world use their real live names/locations/ other things.

I mean why can't they stick to something like this, a forum.. Or the tried and true email? or messenger? I mean, with that alone you can talk to each other and see each other perhaps not in real life but that's at least something to do then read bulletins all day.

That's just my opinion.

[nihil]

Here is a short article from Panda on MySpace security threats:

http://www.snpx.com/cgi-bin/news55.c...4329669?-11434



More here:

http://www.snpx.com/cgi-bin/news55.c...4194448?-14215

http://www.snpx.com/cgi-bin/news55.c...13948374?-1313

[Computernerd22]

The workstations have a lot of spyware & malware etc... on them and they need to be cleaned up. I would just uninstall it and block them from accessing www.myspace.com but this is in a doctors office with only 2 workstations and a notebook. I really don't want to get that 'strict' with the 'level of security,' also it would cause them to complain. "so to speak," and think I was doing it just so it wouldnt be on the system little do they no it can make the system/network worse.

[nihil]

Hi CN22,

this is in a doctors office with only 2 workstations and a notebook

Doesn't HIPAA apply to it? Tighten the whole lot up and blame it on the boogy man Blaming stuff on "Nanny State" Government requirements is usually a good move.

This site may help?

http://www.cms.hhs.gov/SecurityStandard/

[Computernerd22]

Doesn't HIPAA apply to it?

I never heard of it until now. Anyways, I guess it does apply. So basically, their is no other option or choice but to remove it from the office workstation? Pretty interesting stuff.

[nihil]

Hi CN22,

I know it may sound a bit "off" for a UK type to be pointing out US legislation, particularly as I have never had to apply it or study it in detail, but a lot of this legislation is similar in both our countries, so I keep my finger on the pulse?

Seriously though, if ANY patient data passes through those computers you should lock them down as best you can.

[Computernerd22]

Seriously though, if ANY patient data passes through those computers you should lock them down as best you can.

Good point. Will surely do what I can do to secure the network. Its pretty small anyways not like it's an office of 30 workstations or anything like that.