Very Low Fidelity

 In ITC's Threat of the Week

Fidelity (noun) – faithfulness to a person, cause, or belief, demonstrated by continuing loyalty and support.

ashley madison 3

So it’s all gone the way of the pear (pear shaped) for the punters of Ashley Madison with all of their details being published online after AM refused to give into whatever demands the bad guys made. Publicly this was to shut down AM, although we suspect a large brown envelope may have been suggested as an alternative solution!

It transpires from the leaked data that somewhat unbelievably, a large number of AM punters used their work addresses for registering on the site and are clearly totally clueless about privacy. Would you be surprised to hear that these include UK Police Officers, high-ranking Civil Servants etc. etc. People whom it would be easy to blackmail, just saying.

The use of work emails to register with shady or even legitimate (but worrying for businesses) sites is rife. A customer of ours was recently contacted by DropBox and told that due to the number of @theircompany.com users registered, they qualified for corporate membership, an account manager and a cuddle. Trouble is the company had no legitimate dealings with DropBox. When everyone came round and a thorough investigation was completed, it transpired that mobile device users (of their own devices) were using their work email addresses to enable the automatic copying of photographs from their phones to the cloud, panic mostly over – what else is DropBox being used for that it shouldn’t be?

This all comes down to User Education, something we have bored you about time and time again, but is SO important, especially when it appears that their are some very silly people amongst us, possibly sitting next to you right now. Give them a reminder to keep breathing in case they forget and get them some training, assume nothing!

On the subject of the ‘continuing loyalty and support’ bit of fidelity, it seems to us like Microsoft is currently pushing the boundaries of this from their long suffering customers, to the point where a trial separation may have to be considered.

“What now?” we hear you groan. Well it appears that Microsoft is refusing to reveal the contents of cumulative patches for Windows 10, instead describing them as “improvements to enhance the functionality of Windows 10.”. Brilliant.

Not only does this totally undermine one of the fundamental principles of security- if you don’t know what you are vulnerable to, you can’t protect or alert effectively, but will lead to incredible suspicion. Is Microsoft harvesting even more of your private data? Are they covering up things that they failed to patch last time and you have been vulnerable for a month or more?

As well as delaying your leap into the unknown (AKA Windows 10), we think that this should lead you to have a serious conversation with your Microsoft account manager (if you are worthy enough to have one), or drop an email to Microsoft asking for clarification. It probably won’t be read but at least you have done something!

We will be monitoring this pretty bad situation for developments.

If you would like to discuss any of these topics in a rant free environment, please contact us on: 020 7517 3900 or emails: enquiries@itcsecure.com

Enjoy what is left of the summer.

Author: Kevin Whelan

Recent Posts

Leave a Comment