Gallery

Protection...in a flash

Posted on 15 Jun 2007 at 11:13

Davey Winder gives portable security a thumbs up, bemoans Web 2.0 creationists and considers sex online.

Not that an .xxx domain would have solved all sex-related internet troubles. It would have had no effect on the strange tale of Sandra, her stiletto shoes and Skype, for example, which was brought to my attention by Sophos, which warned me that a message containing a link to said young lady wearing nothing but her high heels was circulating via Skype IM. Being a security specialist and having a little common sense, I grasped at once that this wasn't just a case of a bored extrovert showing off her new shoes (along with much else) to total strangers. Click on this link and in addition to Sandra's shoes, which were very fetching as I discovered in the cause of scientific research, you were also presented with a downloader trojan and a worm for good measure.

"Once it's up and running, the Pykse worm attempts to connect to a number of remote websites, presumably in an attempt to generate advertising revenue for them by increasing their number of hits," Graham Cluley, senior technology consultant with Sophos told me. "It's another example of the methods that malware authors can use to make money," he said. Quite. It's also another example of how easily the average end user can be tricked into infection - one mention of a naked lady in pointy shoes and common sense flies out of the window. The fact that Skype was the initial distribution vehicle just makes matters worse by highlighting the danger of uncontrolled VoIP usage, which is now rife in businesses across the country. A Sophos poll of sysadmins last year revealed that 86.1% wanted the power to control use of VoIP in their workplace, and 62.8% said blocking it was an essential move. Add IM into this mix as Skype does, and there's also the potential for data leakage as well as malware exploitation to consider. So before the next naked lady comes along baring gifts, perhaps you ought to make sure there's a policy in place to determine not only what IM clients are acceptable within your workplace, but also whether they should be allowed to communicate with the outside world?

Email Britain

At first glance, the Email Britain project from the British Library looks like a good idea: to create an archive of email correspondence in the UK. After all, this is the same British Library that receives copies of pretty much every book published in the UK, as well as all the foreign books distributed here for good measure. And the measure is a big one, some 13 million books and another million periodicals, journals and so on. There's a kind of virtual library out there already for web pages, known as the Internet Archive (www.archive.org) and searchable through the Wayback Machine interface. Founded in 1996 as a modern-day equivalent to the ancient Library of Alexandria (which supposedly contained a copy of every book in the world), it currently provides access to an archive of 85 billion web pages dating back to 1996, as well as 195,000 electronic texts, 65,000 movies, 137,000 audio items and 33,000 pieces of software. But no email, which is where the British Library comes in with its desire to create what it claims will be the first municipal email archive in the world. But asking people to submit examples of email from their mailboxes covering a variety of categories such as complaints, love and romance, humour and even spam, is a far cry from a Shakespeare first folio or the Magna Carta in terms of important documents. Indeed, the whole "electronic time capsule" approach to the project smacks more of a marketing exercise than genuine "vast snapshot of present-day email communications" that will "be of great value for future researchers" as a Library spokesperson has claimed. No surprise then that the project is a tie-in with the launch of Windows Live Hotmail in the UK, and will only actually be running during the month of May (so will be over by the time you read this) and is ridiculously being referred to as a 21st century Domesday book. I'm not sure that either Microsoft or the British Library has thought this through, particularly from the privacy and legal perspectives. Sure, the submission guidelines state "get permission from third parties included in the email and copy them on the email which you submit" and "remove commercially sensitive and personal information from your email, including all surnames" - can you imagine this will happen? Hopefully, there'll be a search facility where we can all go and look for mentions of ourselves, our companies and our business interests.

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site