Instant-Messaging Attacks On the Rise
Ant writes "CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM."
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many grannies on AOL run a firewall+spybot+antivirus etc?
I think it also depends on your buddy-list. The demographical variation in a buddy-list of your average John Doe or Grandma Doe should be very different from someone posting here on Slashdot.
This is going to cause more and more of a problem not just for Joe Average PC user, but for the growing numbers of people with IM capability on their mobile phones and other devices, where using a clean third-party client is not an option, and where many plans still charge by the message.
Slashdot Burying Stories About Slashdot Media Owned
IM applications are hot attack vectors.
1. Most instant messenger applications are client dependent. You need YIM/AIM/MSNM clients to talk to others on those IM networks, unlike client independent networks such as IRC.
2. IM programs store contact lists much like a standard email client. Easy to read, exploit and spread.
3. Most IM programs enjoy a high degree of popularity. Higher user counts = faster spreading.
It's probably why I avoid IM programs like the plague.
Your point is valid; however, people will click links on webpages and in emails as well. By switching to a generic client you are bypassing the security hassles (i.e. the things that cannot be helped) and you are left with the user having to be responsible just like they have to be on every web-based medium.
I meta-moderate because I care.
Well, most people I know think the MSN client is a crufty, bloated piece of shit.
The plural of "anecdote" is not "data".
This seems overly broad. How do you automate internal file transfers with a policy like this? Do you have no operational systems that need to provide data extracts to analysis systems or the like? Or do you allow automated transfer in documented and approved situations?
I do not have a signature