You can't secure what you don't acknowledge.℠

Monday, December 15, 2008

A new channel for data leakage/breaches?

I just had a flashforward moment a minute ago. I was dragging and dropping a file on my Windows desktop and it "landed" on the Skype window I had open. It didn't do anything because I caught it in time, but I thought: Oh no! What if I accidentally transmitted a file to someone in my phonebook? Perhaps someone that didn't need to see that file.

But then I thought - nah, you couldn't do something like that. Maybe in applications down the road. Well, sure enough, you can - today! I tested it again and it works. It's like dropping a piece of jewelry down a well that ends up on the other side of the earth... but it could be much worse. You send a file to someone over Skype (or whatever) that they shouldn't see - and you can't get it back.

Keep this in mind when training your users about the security issues associated with P2P/IM/Social Network/whatever applications. I know, you don't allow those apps. But they're using them anyway! Seriously, this could be an exposure waiting to happen and would be a tough one to explain.
