Security Advisor

Hackers Know Where You Skype

Microsoft, which purchased VoIP juggernaut Skype last year, is currently investigating an issue in which hackers, using a modified client, can pinpoint an IP address of a Skype user.

The tool, which initializes snooping mode in Skype 5.5, was released online this week. While the folks at Skype probably don't see this as good news, it's also not dropping any jaws among its personnel. The company knows what business it's in (Internet communication), and it knows that, no matter how secure your software is, someone's going to figure out a way to grab some communication they shouldn't have access to.

While the company looks further into the matter, it is dropping the ban hammer on those it sees using the modified client. But with how easy it is to make an account -- it takes a couple of minutes to set up a new, free username -- hackers just shrug it off and create a new one.

Marcus Carey, security researcher at Rapid7, believes this tool of malice could also be used for good. Law enforcement agencies could use it to find those up to no good on Skype.

I'm of two minds on this: While I'm all for the takedown of those who use the anonymity of online to conduct their harassment or scam, I'm also against tools that make it easier for the eye of the government to be locked onto our every move.

What do you think? Is a slight sacrifice in privacy (and, honestly, Google does this on a daily basis) worth taking down online rapscallions? Let me know at cpaoli@1105media.com.

Virtual Hall Monitor
Online privacy is important (in case you missed my viewpoint from the previous entry). But what about online privacy when you're on the company's dime? Just like you can't hijack the company's scanner for your own self-publishing needs, you can't hijack the company's WiFi for your own personal use.

This month's Redmond features an in-depth piece by Derek Schauland on the best practices of employee online monitoring. And the No. 1 suggestion he gives is making it clear to everyone what the policy is. This will help to clear up some of the confusion, along with deterring some from spending all day playing online poker.

And this helpful hint doesn't only keep employees productive -- it drastically cuts down on the number of malware infections that could be contracted when visiting sites that shouldn't be visited at work.

What's your company's online monitoring policy, and do you clearly let employees know what you are watching? Shoot me a response at cpaoli@1105media.com.

Playstation Network Hacker Enters Belly of the Beast
Remember last year's breach on Sony's network that knocked off online support for weeks? Well, the hacker responsible is now getting the VIP treatment from the company that lost millions of dollars due to his online antics.

The hacker, named George Holtz (what kind of cool hacker name is that?), was invited to Sony Computer Entertainment's headquarters months after the attacks to discuss how exactly he pulled off a feat that angered millions of online Call of Duty players.

According to Holtz, he "found a roomful of PS3 engineers who were 'respectful'" that "wanted to learn more about how he had beaten their system."

After he finished discussing how he pulled it off, Holtz was given a personal tour of the company's basement, where he was never seen again.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
