I just had a flash-forward moment a minute ago. I was dragging and dropping a file on my Windows desktop and it “landed” on the Skype window I had open. It didn’t do anything because I caught it in time, but I thought: Oh no! What if I accidentally transmitted a file to someone in my phonebook? Perhaps someone that didn’t need to see that file.
But then I thought – nah, you couldn’t do something like that. Maybe in applications down the road. Well, sure enough, you can – today! I tested it again and it works. It’s like dropping a piece of jewelry down a well that ends up on the other side of the earth… but it could be much worse. You send a file to someone over Skype (or whatever) that they shouldn’t see – and you can’t get it back.
Keep this in mind when training your users about the security issues associated with P2P/IM/Social Network/whatever applications. I know, you don’t allow those apps. But they’re using them anyway! Seriously, this could be an exposure waiting to happen and would be a tough one to explain.