Mobility vs. Productivity

Written by Saran on December 1, 2006

Companies these days pay for the mobile devices their employees use to ensure they’re available at all times. The downside is that employees may also use these laptops and phones for personal purposes, all at the company’s expense, and there is a real risk of losing valuable data if the devices are stolen. We’ve talked about data breaches caused by stolen laptops before. Companies should begin weighing the advantages of employee mobility against the disadvantages of possible data loss and decreased productivity.

It’s become much easier for employees to download movies and music and to watch streaming video while in the office, and then load them onto their mobile devices. Instead of working, they might be tempted to watch their downloads during company hours. Some pornography and gambling sites have begun to exploit this trend by offering their services for phones. These are the very same sites most hackers use to spread their viruses. This way, confidential data on these devices can be breached and destroyed even without the user’s knowledge.

For the past few years companies have filtered e-mail and limited web access in the office, but similar control does not exist for mobile devices. Until the advent of similar filtering software, companies can opt to acquire the phones themselves and manage their distribution to employees. In such a situation each employee is responsible for their usage. Companies can also create guidelines and policies that define how employees can and cannot use their phones, though they should be aware that employees will resist stringent control.


Categories: Real-World Issues, Security Policies


Spyware Defined

Written by Saran on October 3, 2006


Spyware is any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer’s memory resources and also by eating bandwidth as it sends information back to the spyware’s home base via the user’s Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, it has the ability to monitor keystrokes, scan files on the hard drive, snoop on other applications such as chat programs or word processors, install other spyware programs, read cookies, and change the default home page on the Web browser, all while consistently relaying this information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party.

Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.


Categories: IT Security Basics, Spyware, Tips


Fuzzing: what is it?

Written by Saran on September 27, 2006


Fuzz testing may sound like a term far removed from the IT world, but fuzzing is a good way of discovering weaknesses in a network, application or server before others do. Fuzzing involves bombarding a program with randomly generated data to see if it’ll withstand the overload. If it fails, either by crashing or by failing to execute specific code, then there’s a defect you need to find and correct. Hackers can use fuzzing to find what bugs exist in an application, for example a web browser, and then create specific code to exploit the application’s weaknesses. But if these bugs are discovered before they can be exploited, a way can be found to fix them first.

Testers can use fuzz testing to find out if the software currently in use has easily exploitable vulnerabilities. It is probably the closest approximation of a real-world situation, in which data coming into a system or application doesn’t always follow validation rules. While fuzzing, testers keep a record of all the data they create, so it’s easy to keep track of what specifically caused any errors. It’s also relatively cheap to perform fuzz testing, and it can be used to compare the security of different programs and operating systems. Open source fuzzing tools and tests for different applications and systems are now available online. Though fuzzing isn’t guaranteed to find every error-producing event and bug that can occur on your system, it does give an idea of where intruders might try to attack. Errors like buffer overruns and cross-site scripting attacks can be prevented by fuzz testing.
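The approach described above, as an added example that is not code from the original post: a small Python harness that feeds seeded random byte strings to a parser, records every input with its outcome, and separates clean rejections from unexpected failures. The record format, `parse_record` and its missing bounds check are constructed for illustration.

```python
import random

class RejectedInput(ValueError):
    """The parser refused malformed data on purpose (correct behaviour)."""

def parse_record(data: bytes, check_bounds: bool = False) -> bytes:
    """Constructed target: tag byte 0x01, length byte, payload, checksum byte."""
    if len(data) < 2 or data[0] != 0x01:
        raise RejectedInput("bad header")
    length = data[1]
    if check_bounds and len(data) < 2 + length + 1:
        raise RejectedInput("truncated record")   # the fix: validate first
    payload = data[2:2 + length]
    checksum = data[2 + length]   # defect: IndexError on a truncated record
    if sum(payload) % 256 != checksum:
        raise RejectedInput("bad checksum")
    return payload

def fuzz(target, iterations=20000, seed=1234, max_len=16):
    """Feed random byte strings to target; record every input and its outcome."""
    rng = random.Random(seed)     # fixed seed so the whole run can be repeated
    log, failures = [], []
    for i in range(iterations):
        size = rng.randrange(max_len + 1)
        data = bytes(rng.randrange(256) for _ in range(size))
        try:
            target(data)
            outcome = "ok"
        except RejectedInput:
            outcome = "rejected"  # a clean refusal is not a bug
        except Exception as exc:  # any other exception is a defect to fix
            outcome = type(exc).__name__
            failures.append((i, data.hex(), outcome))
        log.append((i, data.hex(), outcome))
    return log, failures

def fuzz_fixed(**kwargs):
    """Same campaign against the parser with the bounds check enabled."""
    return fuzz(lambda d: parse_record(d, check_bounds=True), **kwargs)

if __name__ == "__main__":
    log, failures = fuzz(parse_record)
    print(f"{len(log)} inputs tried, {len(failures)} unexpected failures")
    for i, hex_input, outcome in failures[:3]:
        print(f"  input #{i}: {hex_input} -> {outcome}")
    print("after fix:", len(fuzz_fixed()[1]), "unexpected failures")
```

Because each failing input is stored as hex, it can be replayed with `parse_record(bytes.fromhex(...))` to confirm the defect and, later, the fix.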


Categories: IT Security Basics, Tips
