Sep 16 2009 6:31PM GMT
Posted by: Troy Tate
Tags: malware, malicious software, ad revenue, computer network, network access, PC, hardware, software, social engineering, licensing, permit, Security, information security, browser security, information security management, user education
Yesterday Fierce CIO reported that the "New York Times falls victim to rogue ad." This is a trend that seems to be happening more frequently. Rogue malware ads are appearing in a lot of places these days, in areas most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website, but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss, since they disabled all third-party ads until the rogue ad was removed.
What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message, as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home)?
What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate structure be like: based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to run inline malware filters?
Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.
Thanks for reading and let’s continue to be good network citizens!
=========================
20090918 Update:
E-Week reports that there is a surge in click fraud. According to the article, this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?
Apr 29 2009 12:40PM GMT
Posted by: Troy Tate
Tags: user education, user training, training, IT management
Here’s a story that might help you think of a creative method to train users to NOT do what they continue to do even after you have instructed them in proper use of computer systems.
Lipstick in School (You’ve got to love this Principal)
According to a news report, a certain private school in Washington was recently faced with a unique problem. A number of 12-yr-old girls were beginning to use lipstick and would put it on in the bathroom. That was fine, but after they put on their lipstick they would press their lips to the mirror, leaving dozens of little lip prints. Every night the maintenance man would remove them and the next day the girls would put them back. Finally, the principal decided that something had to be done.
She called all the girls to the bathroom and met them there with the maintenance man. She explained that all these lip prints were causing a major problem for the custodian who had to clean the mirrors every night (you can just imagine the yawns from the little princesses.)
To demonstrate how difficult it had been to clean the mirrors, she asked the maintenance man to show the girls how much effort was required. He took out a long-handled squeegee, dipped it in the toilet, and cleaned the mirror with it.
Since then, there have been no lip prints on the mirror.
There are teachers…and then there are educators.
Thanks for reading and let’s continue to be good network citizens!