Instant Communication Software (IM) is convenient, fast, but it may not be as safe as you think. Network experts tell you, should be careful when using IM software.
In the United States, entering any company, often seeing the employee's computer, opening an IM software: ICQ or MSN or other stuff. According to IDC, a survey report last March last year. 5 million to 6 million companies worldwide use IM software. It is estimated that by 2004, this number increased to 18 million. The reason is simple, all IM software is easy to install, easy to upgrade, can be used as an ideal internal communication tool.
Using IM exchange comments, convene meetings, it looks very secret, safe. Many people think that these IM tools are well safe, so it is estimated that someone who uses IM software to transfer some information with hidden nature may be more than using email.
However, some security experts believe that in QQ discussions are not enough; and talk about sensitive topics more dangerous on IM software. why? Because in fact, the confidentiality of the IM software is the worst. The information in the IM software is rarely encrypted, so it is easy to steal in the case of nothing of the conversant.
The working principle of IM software also determines its unsafe. Using IM send information, the first is to send information to a third party server, and then transfer to the receiving terminal, which is very similar to the telephone system. Kris, security expert, security expert, security expert, said, "I think, many people think that they think that the two are directly exchanged when using IM software, just like the P2P system. And actually, a company user When using IM to communicate with his colleagues next door, his information is a company's firewall, to the AOL or MSN server, and then pass through these servers. This is different from e-mail, many companies have their own Email system. "
Chris said that the principle of IM software operation allows companies that provide IM services to "seize" all information transmitted through IM software. This is more easier than stealing phones, because voice data is often more difficult, and a huge storage device is required to store. The IM conversation record can also be used for court evidence. Currently AOL reserves 10 days of IM records. A network of online crime regulations in the EU is preparing to force ISP to retain IM conversation records. If any hacker is supplied to these servers, if the conversation is recorded, I am afraid that many companies' confidentiality will be large and white. This hacker event has happened in March: a hacker steady the ICPEFRONT's IM conversation record and published these records on the Internet. From the conversation record, you can see that the executive has told many customers' bad things.
Another unsafe factor comes from the software itself. Since the ultimate purpose of the IM software is just simple, convenient communication. Convenient cost is often safe. Many IM software's vulnerabilities are much more than Swiss cheese. Many hackers have discovered a lot of IM software vulnerabilities. Implementation of IM software also understands the unsafe of software. When users download and install IM, security is often a thing they finally consider.
Some security experts suggest that the company is forbidden to use IM software, but on the other hand, IM can increase productivity on communication to people (of course, the employee can waste more time, it is another problem), let people Unable to discard IM. And it is prohibited from using IM and will also bring dissent to employees. Safety expert John Kles said, "I know, when some companies block Yahoo's rumors forums and fuckedcompany.com (a commented website), some employees have begun to re-produce resumes."
A solution is to let Negatives accept the fact that IM is unsafe, and treat this as one of the costs and risks of business, and the person in charge of employee and company is best thinking while pressing the send button. Send an elimination of suppliers, or the company's information, is not safe? Another solution is that the company uses a better system, encrypts IM information, just like Novell and Mercury. Employees who don't have IM use restrictions in those companies, they must hold "even my network management know what I use IM, I am not afraid". Be sure, when you send those sensitive content with IM software, it is very likely that these contents are soakeous, becoming your trouble. (April 20, 2001)