Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware for Corporate Espionage

Posted by michael on from the outlook-deemed-harmful dept.

therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."

2 of 216 comments (clear)

  1. Here's our nightmare scenario in the military.... by i_want_you_to_throw_ · · Score: 5, Interesting

    Some enterprising cracker is going to encapsulate a key logger into a piece of spyware, it is going to have a logic bomb in it so it will self destruct (the purpose to gather info and then leave no trace) , it will record passwords and other info, and that info will be sent back to some third party possibly a hostile government.

    It's going to happen. Here's why it's troublesome and mod me down if you must but our operation has a blind allegiance to Redmond and the IM folks are not particularly bright. We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows Source Code.

    As one of the few Linux developers here, I fear a nightmare is coming. I would really welcome any ideas that anyone has about how we combat this or put our minds at ease.

    Redmond related flames go to /dev/null.

  2. Re:Questions... by frodo+from+middle+ea · · Score: 4, Interesting
    I can sympathise with you , but you do realise that you are working (or have worked) for one idiot CEO.

    Two years ago I was working for a major bank's international head office, and the security there was paranoidal. It was a sys-admins dream come true.

    • No internet access, except for only those who need it. only http and https allowed.
    • No FTP or telnet, only ssh allowed, and ssh server , configured to allow access only from a very restricted subdomain
    • All system/sys DB accounts disabled after initial setup. No database with customer data could go live unless the system/sys a/cs were disabled
    • Audit loggig of every data that goes in-out
    • Root password split btween 3 persons, i.e. all three have to be present to log in as root..priceless
    • A new password generated for every previleged a/c login. i.e. password valid for only one login
    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".