SQLServerCentral Editorial

Doubly Wrong


Today we have an editorial that was originally published on Nov 7, 2006 as Steve is at DevConnections. 

It's not bad enough that people get tons of spam, some of it cleverly disguised and hidden in messages we might be expecting, but this idea is doubly wrong. Apparently someone set up a spam message that informed people they'd been laid off. When they followed a link, a keystroke logger was installed on their machine.

So not only did their emotions skyrocket with the news they might be let go, but they potentially could get let go anyway after someone discovers they've installed software on their machine that could compromise the company.

I'd like to think that administrators wouldn't be fooled by this and get something installed that would grab their passwords, but it's not that easy. As an administrator, you should be wary of users on your machine without supervision, even under their own accounts. It's the same reason I don't let my kids work my computer without me being there; I'm not sure they won't get some trojan installed.

The other part of this is ensuring that your security paradigm is properly set up. Anyone could fall for one of these, and if they had administrative or other "superuser" rights, who knows what would be compromised. It's also a good reason to ensure that you don't share passwords, especially high-level ones, for some quick fix. If someone needs some extra rights for a day, grant them rights and then remove them as soon as possible.

And change your passwords. I've worked in places where passwords were in force for years and everyone knew what they were. Might as well have a blank password.

I think targeted spam will become more and more common in the future. Writing scripts to change senders, customize messages, change logos, etc. and target specific groups of people is not difficult, and as more filters become able to deal with the large blasts of identical email, those looking to trick you will evolve as well.

So spread the word and warn your users. A large part of security is education on everyone's part.
