SQLServerCentral Editorial

Doubly Wrong

,

Today we have an editorial that was originally published on Nov 7, 2006 as Steve is at DevConnections. 

It's not bad enough that people get tons of spam, some of it cleverly disguised and hidden in messages we might be expecting, but this idea is doubly wrong. Apparently someone setup a spam message that informed people they'd been laid off. When they followed a link, a keystroke logger was installed on their machine.

So not only did their emotions skyrocket with the news they might be let go, but they potentially could get let go anyway after someone discovers they've installed software on their machine that could compromise the company.

I'd like to think that administrators wouldn't be fooled by this and get something installed that would grab their passwords, but it's not that easy. As an administrator, you should be wary of users on your machine without supervision, even under their own accounts. It's the same reason I don't let me kids work my computer without me being their; I'm not sure they won't get some trojan installed.

The other part of this is ensuring that your security paradigm is properly set up. Anyone could fall for one of these and if they had administrative or other "superuser" rights, who knows what would be compromised. It's also a good reason to ensure that you don't share passwords, especially high level ones, for some quick fix. If someone needs some extra rights for a day, grant them rights and then remove them as soon as possible.

And change your passwords. I've worked in places where passwords were in force for years and everyone knew what they were. Might as well have a blank password.

I think targeted SPAM will become and more common in the future. Writing scripts to change senders, customize messages, change logos, etc. and target specific groups of people is not difficult and as more filters become able to deal with the large blasts of identical email, those looking to trick you will evolve as well.

So spread the word and warn your users. A large part of security is education on everyone's part.

Rate

You rated this post out of 5. Change rating

Share

Categories

Join the discussion and add your comment

Share

Rate

You rated this post out of 5. Change rating

Related content

SQLServerCentral Editorial

Mini-Me

Will the next version of Windows be a "Mini-Me" version of Vista? Who knows, and it's too early to tell, but apparently there's a mini-kernel version of Windows 7, the one after Vista, which fits into 25MB on disk. That's a touch lower than the 4GB that Vista takes up. Granted it's not a full […]

You rated this post out of 5. Change rating

2007-10-25

105 reads

SQLServerCentral Editorial

An Hour in Time

Daylight Savings time switches a little later this year. In fact it's November 4th this year, after having been in October for all of my life. In case you don't remember which way we move the clocks, here's a saying: Spring forward, fall back.

5 (1)

You rated this post out of 5. Change rating

2007-10-17

216 reads

SQLServerCentral Editorial

Software is Like Building a House

One of the really classic analogies in software is that it's like building a house. You have a foundation, multiple teams, lots of contractors that specialize in something, etc. And it's an analogy that's debated as to its relevance over and over. I won't go into the correctness of this analogy, but I wanted to comment on it.

You rated this post out of 5. Change rating

2012-10-08 (first published: )

331 reads