funsec mailing list archives
RE: Security Fears Prod Many Firms To Limit Staff Use ofWebServices
From: "D'Aloisio, Marc" <Marc.DAloisio () ct gov>
Date: Thu, 30 Mar 2006 10:35:25 -0500
IMHO, IM is definitely a threat. I was involved in an incident a while ago where a group of consultants working on a project was using public IM to discuss sensitive details of the project, including passing privileged credentials (userids and passwords). We caught it monitoring traffic with an IDS. Needless to say, that practice stopped, but we were told it was common practice within consulting firms to collaborate using public IM as well as public email (Yahoo, gmail, etc.). To me, it's a risk to have unsecured sensitive communications going through and/or stored on servers not managed by the data owner or covered by NDA, SLA, or other agreement that covers confidentiality. Marc D'Aloisio, CISSP Network Security Analyst; Security Incident Response State of Connecticut - Department of Information Technology -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Thursday, March 30, 2006 10:04 AM To: funsec () linuxbox org Subject: RE: [funsec] Security Fears Prod Many Firms To Limit Staff Use ofWebServices I would block file sharing myself if I were in charge of IT, but IM seems like an overreaction. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Security Fears Prod Many Firms To Limit Staff Use ofWebServices D'Aloisio, Marc (Mar 30)
- RE: Security Fears Prod Many Firms To Limit Staff UseofWebServices Larry Seltzer (Mar 30)