[ISN] EDS postpones instant message ban

From: InfoSec News (isnat_private)
Date: Wed May 15 2002 - 01:03:05 PDT

  • Next message: InfoSec News: "RE: [ISN] Smith Bill Raises Police Power Concerns"

    By John Leyden
    Posted: 14/05/2002 at 11:12 GMT
    EDS has postponed its proposed ban on instant messaging after staff
    told its techies that it was an important tool for communicating with
    Last week, EDS told staff that IM products (such as AOL, ICQ and
    Yahoo!) would be blocked at its firewall from May 8. It cited security
    concerns, especially the fears that viruses which would otherwise be
    blocked by gateway AV protection would slip through to user
    workstations via instant messages.
    EDS has now postponed the blocking order.
    In a memo to staff, Paul Clark, EDS' chief information security
    officer said "due to the nature of this change, we are aware of
    several clients that are affected and are working to co-ordinate
    alternative solutions for those clients. Blocking instant messenger
    capability at the firewall will not occur as previously scheduled on
    08 May 2002."
    "We will follow-up when a new date has been determined," he added.
    EDS is not alone in its attempts to curtail users' of chat and instant
    messenger services at work.
    Last week we reported how Samsung has commissioned its systems
    integration arm to create filters that prevent workers from accessing
    portals such as MSN Messenger and Daum Messenger, and also to
    intercept inbound chat and IM traffic from outside the company. The
    move created discontent among employees, the Korea Times reports.
    Alcatel workers in the US have been banned from using instant
    messaging for some time, a Reg reader who works for the company
    informs us.
    IM is convenient but it can create holes into an organisation. Instant
    messaging attacks have become a common method of propagation in recent
    viral outbreaks, and (as CERT warned back in March) a tool for social
    engineering, including tricking users into running malicious software
    (potentially DDoS attack tools) on their machines.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed May 15 2002 - 04:47:51 PDT