Keys to the Kingdom

Keys to Cyberspace

One in three IT staff snoops on co-workers

From correspondents in Frankfurt June 20, 2008 04:40pm

ONE in three information technology professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal emails or board-meeting minutes, according to a survey.

US information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 per cent said they had accessed information that was not relevant to their role.

"All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company," Mark Fullbrook, Cyber-Ark's UK director, said in a statement released along with the survey results this week.

"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems," he said.

"To those 'in the know' they are the keys to the kingdom."

http://www.news.com.au/technology/story/0,25642,23894863-5014239,00.html

Related:

Almost half of malicious sites tied to 10 networks

China mostly to blame, but so is Google

By Dan Goodin in San Francisco

Published Tuesday 24th June 2008 18:00 GMT

Almost half the websites pushing malware are hosted by just 10 networks, according to a new report that adds new support to the growing argument that a relatively few number of actors are responsible for most of the net-based threats.

The report (PDF) from StopBadware.org also showed a dramatic rise in China's role in the malware epidemic. Six of the 10 networks were internet service providers or backbone providers based in China and hosted more than 41 percent of the malicious websites.

Not that US companies weren't also contributing to the problem. Three American companies also made the list, including Google, whose blogs hosted 4,261 sites, or about 2 percent of the booby-trapped destinations.

The findings come a few weeks after anti-spam outfit Knujon released a separate report that found that almost 75 percent of spam sites were signed up by just 10 registrars. Once again, the three biggest offenders were located in China and included Xinnet Bei Gong Da Software, BEIJINGNN and Todaynic.

In many cases, owners of sites found pushing counterfeit watches, Viagra and other merchandise touted in spam failed to include correct contact information when registering the sites, as required. In an attempt to crack down on abusers, Knujon has begun reporting offenders to ICANN, which requires all website owners to be listed in a whois director. The sheer volume of the complaints has in some cases put a strain on ICANN's servers.

"It's like when you live in a small town and it's a nice place and the mafia moves in," said Knujon co-founder Bob Bruen. "Suddenly, things are not quite what they used to be because the bad guys are there."

http://www.theregister.co.uk/2008/06/24/stopbadware_report/