 |
|
| |
|
 |
|
IM privacy and security issues
Your instant message can be intercepted at any point in the path your message
follows to it's destination.
1) IM message transmission is not encrypted and
therefore not secure.
As of the date I wrote this article none of the freely available IM programs
(called clients) encrypt messages they transmit.
AOL Messenger (AIM), MSN/Windows Messenger, ICQ, Yahoo! Messenger and Google Talk,
do not encrypt messages you send with them. Instant messages can potentially be
read by other people as they travel across the Internet to their intended recipient.
Messages can be captured and read using a simple computer network monitoring tool
called a "sniffer". This type of tool is freely and easily available for download
on the Internet. I recommend you not discuss critical business, personal or sensitive
matters using IM products that do not encrypt your messages.
The IM client called
"Trillian" does provide the functionality to encrypt
and protect your IM communications. Any one you communicate with will also need
to be using the Trillian IM client. Each IM service uses it's own IM client. Most
of the IM clients are not able to communicate with each other. In most cases if
you want to communicate using IM with someone who uses the Yahoo IM service you
will need the Yahoo IM client installed on your computer. Trillian will operate
on multiple public IM services/networks including AOL, MSN, ICQ and Yahoo. This
avoids the need to download and install a separate IM client for each individual
service. You might also want to consider trying the freely available IM client
called Pidgin. Pidgin is free,
works with AOL Instant Messenger, ICQ, MSN Messenger, Yahoo! and Jabber/XMPP based
services/networks like Google. You can also install a free add on (plugin) to enable
secure, encrypted messaging.
|
|
|
2) Conversations can be recorded without your permission.
Some instant messaging programs allow conversations to be recorded and saved/archived.
You will have no way of knowing if the person your are communicating with is archiving
your conversation. The date and time of your conversations would also be saved/logged.
If the IM software you are using does not allow message sessions to be archived
text can still be copied then pasted into a text or word processing program. The content
of the conversation could then be saved. Your recorded conversations could
be used against you months or years into the future. In a business environment that joke
you made about a coworker could be used as evidence against you in a discrimination or
civil law case. The laws that cover the recording of conversations and how this
information can be used in court varies between states and at the federal level.
I suggest that you limit your language and actions (if video) to that
which would be deemed acceptable to your employer, the general public and perhaps
a jury.
|
|
|
3) Computer viruses,
"Trojans",
"worms"
and other malware can be uploaded to your computer.
Many instant messaging programs allow users to transfer files to and from each other.
A malicious individual could easily transfer (upload) a computer virus, worm or
Trojan or spyware to your computer. Some types of computer worms and Trojans allow
the intruder to control your computer system. They could then remotely read, view,
delete or steal files and information from your computer. If they delete important
system files your computer might not operate correctly (or at all) the next time
you turn it on. A malicious individual could also record and see what you type
using an application called a "keylogger". This would allow a malicious individual
to steal your passwords, credit card and account numbers and anything else you type.
This program could be easily uploaded (added) to you computer using the file transfer
function offered with many IM applications.
|
| |
|
The file transfer function of IM can also be used to upload and implant yet another
type of application that turns your computer into what is referred to as a "zombie".
A zombie can be remotely controlled by a malicious individual. Your computer may
be one of hundreds of thousands, even millions of "zombies" that can be used and
controlled simultaneously to form what is called a "bot net". The power of all the
computers controlled in a "bot net" can be harnessed to attack other computers or
computer networks (called a DDOS, Distributed Denial of Service attack). This type
of attack can disable the attacked computer or computer network. How many millions
of dollars would a large international retail business loose if their customers
could not access the company Web site during the Christmas rush? Criminals can
use a DDOS attack to extort ransom money from the company whose network is being
attacked. The computers in a bot net are also often used to send unsolicited
e-mail (SPAM) for advertisers. This is another means by which the people who
control the bot net generate income. A DDOS attack could be (and has been)
launched against a governments computer networks creating a potential national
security threat.
|
| |
|
Why is any of this important to you? If your home computer or SOHO
(small office, home office) computers are used as part of a DDOS or controlled by
a Trojan your Internet access speed may slow down. You might also notice the
performance of your computer or computers has slowed or become sluggish while
connected to the Internet. The application that is implanted on the infected
computer is using it's resources and Internet connection bandwidth.
|
| |
| The following list contains links to more detailed descriptions of threats
specifically designed to attack instant messaging (IM) clients and users. These
threats were prevalent at the time I wrote this article.
|
| |
|
4) Legal liabilities resulting from copyright infringement.
Most IM programs allow file transfers to and from your (the client) computer.
If music (MP3), movies, software or other copyrighted files were discovered
on your computer (or SOHO network) you, a family member or your business could be
criminally prosecuted and subject to civil litigation. The RIAA
(Recording Industry Association of America) and MPAA (Motion Picture Association
of America ) will continue to prosecute individuals who trade and download
copyrighted music and movies. At the time I wrote this article the RIAA had sued
over 18,000 people for copyright infringement. In most cases you must have permission
from the copyright holder to copy, distribute, modify, display or perform their
work. The penalties for copyright infringement include imprisonment and fines.
What is copyright? - Copyright is a legal right to control the
copying, distribution, modification, display, and performance of certain types
of works. It applies to text, graphics, video, audio, and many other forms of
expression. Examples of copyrighted work include songs (MP3 files), photos, books,
movies, video (MPEG files).
|
|
|
 |
|
| Copyright © 1996-2011 Tom Bowser. All rights reserved. |
|
