Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware for Corporate Espionage

Posted by michael on from the outlook-deemed-harmful dept.

therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."

2 of 216 comments (clear)

  1. Re:Questions... by jdreed1024 · · Score: 5, Insightful
    What kind of stupid sys-admin allows .vbs, .js , .exe, .sws attachements thru the corporate email ?

    The sys-admin who is told by the CEO to remove the e-mail blocks, because someone wants to e-mail him a self-extracing zip file (.exe).

    What kind of idiot sys-admin would allow the corporate users , to run their PCs with admin previleges , so that any unwanted junk s/w be installed on their PCs ?

    The sys-admin who gets in trouble when he yelled at Bobby the Intern (who happens to be the CTO's nephew) for installing Kazaa on his machine. Ditto for the sys-admin who was told to turn the PHB's account into an Administrator account so he could install MS Entertainment Pack.

    Which genius allows unrestricted access to confidential corporate data to its users ?

    The genius who tried to secure the confidential corporate data with X.509 certificates and/or passwords, but was then told to remove them, because the VIPs were complaining about having to remember too many passwords.

    Why do the corporate firewalls not block out-bound traffic to all ports but a select few HTTP/SSL ect ?

    Because then the PHB can't use AIM to chat with his friends.

    Seriously, I worked as a sys-admin in an environment like this. You wouldn't believe the number of safety procedures that the CEO/CTO/PHB wanted to circumvent to make life easier for themselves. Unless you have a CTO who understands security and will stand up to the rest of the VIPs, you're doomed. Completely and utterly doomed.

    I attempted to implement the passwd changing program with cracklib support to prevent users from picking stupid passwords. That lasted about a week before I was told to take it away.

    There was a brief period of time where we went around and killed off IE on the desktop machines, because there were too many damn vulnerabilities. That lasted about 2 weeks before the CEO told us that the researchers couldn't use "this Netscape thing".

    Repeat for many other events. Bottom line is anyone who is not a sys-admin knows two things: routine and usability. However, implementing propert security requires changing at least one of those, if not both. And therein lies the problem.

    --
    There is no sig, there is only Zuul.
  2. Re:Here's our nightmare scenario in the military.. by zeux · · Score: 5, Insightful
    China has opted to bet the farm on Linux after seeing the Windows Source Code.

    I think that China choose Linux not because of Windows source code but because Windows is the product of an American company.

    But maybe I'm wrong.
    --
    Iraq: war to save the U