Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

EDS postpones instant message ban

From: InfoSec News <isn () c4i org>
Date: Wed, 15 May 2002 03:03:05 -0500 (CDT)
http://www.theregister.co.uk/content/6/25271.html

By John Leyden
Posted: 14/05/2002 at 11:12 GMT

EDS has postponed its proposed ban on instant messaging after staff
told its techies that it was an important tool for communicating with
clients.

Last week, EDS told staff that IM products (such as AOL, ICQ and
Yahoo!) would be blocked at its firewall from May 8. It cited security
concerns, especially the fears that viruses which would otherwise be
blocked by gateway AV protection would slip through to user
workstations via instant messages.

EDS has now postponed the blocking order.

In a memo to staff, Paul Clark, EDS' chief information security
officer said "due to the nature of this change, we are aware of
several clients that are affected and are working to co-ordinate
alternative solutions for those clients. Blocking instant messenger
capability at the firewall will not occur as previously scheduled on
08 May 2002."

"We will follow-up when a new date has been determined," he added.

EDS is not alone in its attempts to curtail users' of chat and instant
messenger services at work.

Last week we reported how Samsung has commissioned its systems
integration arm to create filters that prevent workers from accessing
portals such as MSN Messenger and Daum Messenger, and also to
intercept inbound chat and IM traffic from outside the company. The
move created discontent among employees, the Korea Times reports.

Alcatel workers in the US have been banned from using instant
messaging for some time, a Reg reader who works for the company
informs us.

IM is convenient but it can create holes into an organisation. Instant
messaging attacks have become a common method of propagation in recent
viral outbreaks, and (as CERT warned back in March) a tool for social
engineering, including tricking users into running malicious software
(potentially DDoS attack tools) on their machines.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: