- Securing SSLVPN with client certificates
- Toshiba propels DVD quality to near HD
- 16 hot roles for IT pros
- Torvalds: Fed up with the 'security circus'
- The dos and don'ts of IT job seeking
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
To office workers trudging to their cubicles, the promotion looked like a chance at sweet relief from the five-day-a-week grind.
By simply running a free CD on their computers, they would have a chance to win a vacation. But the beguiling morning giveaway in London's financial district last month was more nefarious than it appeared.
Like flies to garbage, dozens of victims took the CD, unable to control the irresistible attraction of "free."
Secret agents behind enemy lines, the CDs piggybacked through companies' physical security systems tucked in the bags and pockets of their couriers. The office workers dutifully took the CDs to their desks and plopped them in their employers' computers.
The mission was complete.
In the process, the CDs likely skirted an array of IT security systems in place to prevent malicious code from being installed. Although the CDs did not contain malicious code, the exercise accomplished the point Robert Chapman wanted to make: People are misinformed about what actions could damage their computers or expose them to malware, adware and viruses.
"All these things are bypassed by human nature and curiosity and a level of ignorance and naiveté," says Chapman, director of The Training Camp Ltd., a computer training and consulting firm based in London, who came up with the idea. "The lure of a free holiday entices them more than the potential damage that they may make to their corporate network."c
When a user ran the CD, the code on it prompted a browser window that opened a Web site, Chapman says. The site then tried to load an image from another Web site, Chapman says.
The number of people who opened the CD could be tracked by the number of times the image was accessed, he says. Users saw only an error message saying the page could not be loaded, he says.
"There is nothing clever about it or illegal," Chapman said of the CD's code.
Although the front of the CD contained a written warning to users to check their company's internal security guidelines before running it, as many as 75 of the 100 CDs were played. Chapman says he was able to trace the IP addresses of those computers that tried to access the image and found that employees at two well-known insurance companies and a retail bank were among the duped.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment