Safe Real-Time Communications
Last week US-CERT republished a Mindi McDowell and Allen Householder article on using instant messaging and chat rooms safely. I thought it was a good reminder, and that some of the offered tips were worth sharing.
The authors' description of real-time communication tools includes instant messaging and public or private chat rooms/forums. The authors also included “chat robot” software services, like weather reports, stock status, or movie listings, noting that users may not realize that the responses are coming from a bot, not a real person.
McDowell and Householder offered the following list of dangers: (This is the good reminder part and perhaps worth passing along to users.)
Identities can be elusive or ambiguous. Not only is it sometimes difficult to identify whether the “person” you are talking to is human, but human nature and behavior isn’t predictable. People may lie about their identity, accounts may be compromised, users may forget to log out, or an account may be shared by multiple people. All of these things make it difficult to know whom you’re really talking to during a conversation.
Users are especially susceptible to certain types of attack. Trying to convince someone to run a program or click on a link is a common attack method, but it can be especially effective through IM and chat rooms. In a setting where a user feels comfortable with the “person” he or she is talking to, a malicious piece of software or an attacker has a better chance of convincing someone to fall into the trap.
You don’t know who else might be seeing the conversation. Online interactions are easily saved, and if you’re using a free commercial service the exchanges may be archived on a server. You have no control over what happens to those logs. You also don’t know if there’s someone looking over the shoulder of the person you’re talking to, or if an attacker might be “sniffing” your conversation.
The software you’re using may contain vulnerabilities. Like any other software, chat software may have vulnerabilities that attackers can exploit.
Default security settings may be inappropriate. The default security settings in chat software tend to be relatively permissive to make it more open and “usable,” and this can make you more susceptible to attacks.
Other tips to users include: try to verify the identity of the person you are talking with, and be conscious of the information revealed during a chat, especially sensitive business information over public IM services.
Some of this is common sense, but as the old saying goes: “common sense isn’t always common.”
===
Eye on Messaging is written by Stephanie Jordan, editor in chief of Messaging News. If you have story ideas or news to share, email her: sjordan [at] messagingnews [dot] com
