Is that you out there?

httpIn using instant messaging and live chat type applications, it is implicit that you know the person who you are communicating with. Pretty, obvious you would say.  You know all of the people in your contact lists and you are ,no doubt, careful as to how you build your ‘buddy lists’.  Now, if for example, I could pretend to be one of your friends, or contacts, just how far could I take this as we communicate on-line?

Could I get you to give me money? I came across this interesting article. It basically shows how a hacker who manages to get access to personal information, could then trick you to offer up money. There is a transcript, of a real life example, of an IM exchange that provides a startling insight as to how this could work. Fortunately, for the person involved, the hacker made a mistake in answering a question and then the game was up.

Socially engineered exploits like this are a warning to all of us.  To stop this type of rouse, technology alone will not protect you. You need to be aware that this can happen and you need to made sure that your passwords are safe and secure and that the amount of personally identifiable information on you is limited and controlled – technology does have a role to play here.  So, just because that picture, or avatar, is what you would expect from your ‘friend’, that alone is not enough to identify them.  Maybe, we need to adopt the approach, popularly used in spy movies, when two contacts get together and some obscure code word or phrase is exchanged? Certainly, it would make for more fun at the start of IM sessions! This sort of authentication protocol, or process, is how computers establish a secure communication between themselves. Maybe, it is something we as users need to look at.

January 22, 2009 | Filed Under Identity theft, Security 

comments

Leave a Reply