[Sussex] IM Server
Steve Dobson
steve at dobson.org
Wed Apr 28 17:00:26 UTC 2004
Mark
On Wed, Apr 28, 2004 at 05:34:02PM +0100, Mark Harrison wrote:
> ----- Original Message -----
> From: "Jon Fautley" <jon at geekpeople.net>
>
> > Eeeek! You use MSN Messenger for corporate communications? I do hope
> > that nothing sensitive is talked about...
>
> Several of my clients use it, routinely, to communicate with all kinds of
> people, not just in-house, but suppliers, consultants, etc.
>
> The problem with all this "run your own server in house for security"
> business is that it restricts the number of people with whom you can
> communicate.
Isn't that the point. If the person isn't part of your company they
should not be included on company sensitive chats.
> The advantage of the MSN messenger service is that most people have it.
>
> Security policy is to treat external email and IM with the same degree of
> restriction with which you'd use a telephone - ie nothing company critical.
And how many people use telephones to pass on important information which
should travel over that medium?
> It's kind of odd that IT people these days seem to be more paranoid about
> "ever communicating anything" than the intelligence community was back in
> the early 90s when I worked for a part of ICL that put me in day to day
> contact with people in that community. (We were developing a product aimed
> at that community, and had some interesting people on the team as
> "consultants") ...
I see no evidence of "ever communicating anything" at all. I do see
"using the wrong communication channels" - but that is not the same
thing.
> > It's only recently that MSN messenger was encrypted at the client side,
> > there's also the problem that you've gotta tie all your personal details
> > together in one place (great for industrial espionage)...
>
> Do you have any examples of such industrial espionage having taken place?
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=industrial+espionage+court+case&btnG=Google+Search
Some where around 50,600 hits. Is that enough evidence for you?
> > and do we
> > really think it's a good idea to have corporate communications leaving
> > the network, and probably being logged by a company in a seperate country?
>
> Dunno. I'm happy to use a BT line for a phone call about company business,
> and it would be VERY easy for someone to tap and log that...
And if you thought that your lines of communication were being tapped would
you still use them?
Some people are stupid enough to send e-mails on their plans to oust an
employee even when the e-mail server was in the control of that employee.
Do you think that this is intelligent and secure communications?
Jon never said that it was wrong to use insecure formats of communications
only that it was wrong for some types of communications.
Steve D
More information about the Sussex
mailing list