Security optimize

The perpetual folly of end users


It appears that the folks over at security company Sophos decided to put together an experiment to research the identity theft risks associated with social networking.

Not surprisingly, they found that 41% of users readily hand out information that could be used to personally identify them -- to complete strangers.

According to Information Week:

[The] Sophos researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.

To round up the results: of the 200 contacted, 87 responded and agreed to be friends (to a frog?!).

  • 82% gave "Freddi" an open view of their profiles
  • 72% divulged at least one of their e-mail addresses
  • 84% gave up their date of birth
  • 87% offered details about the location/name of their school or work
  • 78% gave their current address

The concern here, as highlighted by Ron O'Brien, senior security analyst at Sophos, is that such information could potentially provide the essential elements to gain access to people's personal accounts. Additionally, knowing a specific target's interests could also allow hackers to design targeted malware or phishing e-mails that they know the user would be enticed to open.

Somehow, I do not find that surprising. I mean, if people click on an advertisement promising them a malware infection (My TechAtPlay Blog), what more can you expect?

Do you have any end-user (horror) stories to share?

NEWS FLASH! Top end-user horror stories will be put to a vote to win an exclusive TechRepublic mug! So what are you waiting for? Submit your stories today!


About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

43 comments
thart

When I was in college working for a consulting company, I continually had to visit a client with a printer problem. The problem was he would always unplug it in order to use his scanner. No matter how many times I explained the situation to him, he just didn't seem to get it. He must have easily spent $1000 that year to have me drive to his house and plug in his printer. I used to work for a bank with a 12 branch WAN run over VPN. I very clearly explained to the users at each branch that should they, for some reason, be unable to access the internet, they would need to call me as e-mail would not work if the internet was down. Never failed that whenever I fixed the internet connection problem my inbox would be flooded with emails telling me they could not connect to the internet. But my favorite was when I still worked for the bank. We had the power at one of our branch sites go out. This affected everything, including their phone system, thus we had to communicate via cell phones. The branch manager called me up during the power outage and explained that his computer would not turn on and would I be willing to drive out there and bring him another system that would work. You'd think a guy responsible for millions of dollars in loans would be smarter than that...

Big Ole Jack

Any wonder why there has been a spike in foreclosures and the subprime mortgage market is taking a hit? It's because these mortgage loan officer clowns engaged in stupid and risky behavior. Now getting back to this moron wanting a replacement system when it was clear that the power was out, this just goes to show the stupidity and lack of "listening" when you tell them what the problem is. They hear what they want to hear, but they don't listen.

mattohare

I was absolutely stunned when I saw people that were otherwise paranoid about their personal data, but would complete ANY quiz without a bother. One such quiz, through various questions got full name, mother's maiden name, birthdates of a few family members, pets' names, and siblings' names. That was just one quiz! And, I saw three of these on one screen when I logged into myspace! I posted a blog and a notice pointing out the issues with that quiz and others. I just hope a few more people get a cop on to it.

Nodisalsi

I'd rather make friends with a plastic frog than some idiots and airheads I've encountered on social networking sites. But there's worse. End users who are offended by being asked for a password - into *their computer*. They tend to have blank passwords. So a hacker could query "Are you Fed up with all those Passwords?" on a forum posting. By planting an Image bug hosted from their own personal webserver they can get IP numbers from the access log, match them with the T&D of sympathetic rants, and then attempt blank password logins to these client machines. I recently installed a redundant old computer in my workplace for a reception display screen. Most people refused to use it because it requested a password (which I set to be the same as the office's post code). So to be diplomatic - I am in the minority amongst security unconscious technophobes - I cleared the password. It got stolen from the reception the following day. It was locked down properly (with a Kensington lock) and it took the thief 40 minutes to prise it free - which he only managed to do so by breaking and bending the metal case on the unit itself. I know this because two workers saw him at the unattended reception while passing at two different times - and did not challenge him looking sweaty and suspicious. Then an hour after the act when I came in - I was the only person to notice it missing; two more staff noticed it wasn't there but didn't think anything was wrong. Then I train a dozen people how to use a computer based information system; a week later they either lost or they are breaking it because each individual has acquired an idiosyncratic habit which is incompatible with the procedures for using the system. The system gets blamed for "being broken", "not flexible", or "dumb". I am told I can't expect everyone to be as smart as me. 
An office I once assisted threw all my work out because I fixed their printer settings in their Office apps to print on A4 - the size of paper that's in their printer - rather than Letter - the size M$oft set as default. I was accused of breaking their system because their letters now looked different. Colleagues are constantly throwing sick days for strain injuries, aches and pains; I've tried to tell them that they only need to sit properly facing the computer - but they continue to lean on their desks with one elbow resting their head in the hand, look at the monitor over one shoulder and operate the keyboard with one finger. Behind my back I am compared with the Nazi Gestapo for insisting on correct seating arrangement in spite of all the health problems I have highlighted caused by bad posture. I cannot (and refuse to) provide assistance over the phone because I cannot force my users to use the correct terminology. Apparently, terms such as "Desktop", "Start Menu" and "Task Bar" are jargon terms which cause their brains to short circuit into stupor, and the whole computer system is "down" because they've left their CAPs lock on during the logon process, or they don't realise the logon name is not theirs! "Look here", I point at the screen and one user waved me off: "I don't want to learn all this technical stuff - just fix it." Keyboard shortcuts are never used - unless they can operate them with a mouse. Desktops are littered with superfluous icons because the Start Menu is never used. I should stop now, I could go on for ages.

jacky.cheung

I have had users complain about missing files and systems hang all the time, so I turned up, only to find she decorated her stand-up desktop PCs with a dozen of magnetic stuff on the metal case as if it's the door of the fridge...

jmgarvin

Did you ever have an IT job in New Mexico ;-) Actually the worst problem I had was a guy had a giant rock on top of his box and he kept on having all kinds of strange issues....I'd bring it back into the shop and couldn't find a thing wrong with it...so back and forth I went, even going so far as to give him a test machine...no luck...Finally I asked what the rock on top of his computer was (more out of curiosity than thinking it could have been part of the problem)...guess what, it was magnetite. Jeez

Menopausal

Don't you think the best marketing piece of all time would be a magnet advertising computer repair services, just tell your clients to keep it handy by sticking it to the PC?

boxfiddler

users who believe the trial version of anti-virus on their new machine is all they need... and that it shouldn't need updating. I've seen several of these, and the nits can't ever figure out why they have such trouble with their computer in spite of the nagging I do.

Locrian_Lyric

I configure it, including AUTO-UPDATES for the virus protection.

Dumphrey

My mom is a paranoid who uses multiple deadbolts on her door, a good AV program, 2 anti-spyware programs, a software firewall (not windows), keeps everything updated...and still uses dial up...bless her..she spends more time updating than browsing. Good thing she has a second line just for the computer.... My dad I got to switch over to linux about 2 years ago. He had bought an iBook, which he liked, so I sent him a knoppix cd. He liked the idea of open source, found an old computer, installed Ubuntu, and hasn't looked back. Nowadays, I provide phone based tech support, and he sends me Kona coffee...good deal all around.

mhbowman

It's the place you work. I would bet my paycheck that you're at an office where IT people, such as yourself, are treated as servants. As in: YOU need to come here and fix MY computer because MY job is what keeps this place in business. What needs to happen is that YOUR boss needs to explain to their boss that YOU are in fact a CO-WORKER or a FELLOW employee and you're NOT going to be treated any different or HR will be getting a call. I actually walked up on a stupid argument between employees where the sales guy said he was the one that was most important because he brought the money in etc. and so on down the line. Then I said well I'm the IT guy and in my job I have to know what ALL of you do and not just one task. Without ME you'd all be using typewriters and file cabinets. Who wants to try that? They all said I won and went back to work. By the way this place was EXACTLY what you described. Because my boss wouldn't say what needed to be said, I did. Two weeks later I turned in my notice and never looked back. Money is nothing if you're miserable.

Big Ole Jack

because the touchscreen is "too complicated" for them to read and follow. I have little patience for such people and usually grunt angrily and storm out of the bank because it angers and annoys me at how slow and clueless they are. It's right there, all the information they need, in front of their faces, in plain English or whatever language they choose, so what's so hard about it?

Locrian_Lyric

* People who stop at onramps on the highways
* People who go to the supermarket, pay with a check, and wait until the cashier is done ringing them up to even BEGIN to fill out the check.
* the jerks who get on the highway, put on the cruise control and SIT IN THE LEFT LANE!
* Anyone working at Motor Vehicles.
* (l)users who try to cover their mistakes
* People who snark and offer no ideas of their own.

Dumphrey

with you up to a point.. "Can't blame them there. Setting there with a blank check half made out and signed (some do that too) would be great for the thief behind them or around them." is very valid, and bothers me not in the least, but when they start balancing the last week's transactions, WHILE the cashier is beginning to ring you up, it irritates me. Put your tongue back in your mouth, un-cross your eyes, go home, and use a calculator..sheesh, you would think basic math was rocket science...

Dumphrey

people who drive in the left lane, in the blind spot of someone in the right lane, at the same speed as the car in the right hand lane. Thus blocking all traffic from going faster than 5 under the speed limit. I swear, one day my car will have a grill mounted machine gun....

jmgarvin

Most places still print your name and full card number on the receipts! WTF!? Oh and I once scratched out my card number (save for the last 4) and was yelled at because they could "no longer process" my transaction! Huh? They have my name, the last 4, and the transaction number...they can figure it out, I'm sure.

Locrian_Lyric

forget signing it, but you can at least put down the name of the market you're going to buy from, have your check signing card or licence ready, et cetera....

Big Ole Jack

and are somehow "afraid" of using plastic instead of paper. It's actually safer to use a debit card because one has to know the PIN code to use it for most transactions, and the bank will reimburse you for fraudulent charges if you notify them quickly. A check is much easier for a thief to use than a stolen debit card.

ByteBin-20472379147970077837000261110898

"People who go to the supermarket, pay with a check, and wait until the cashier is done ringing them up to even BEGIN to fill out the check." Can't blame them there. Setting there with a blank check half made out and signed (some do that too) would be great for the thief behind them or around them. Just snatch and run! At least if you fill it out when you know the total, you can fill the total in first (they wouldn't get anymore than that amount), then who it's to (they can't cash it if they aren't the party receiving the check), then the signature last. This at least will help deter theft. But best of all, use a bank card, or a store card that lets you pay your purchase through your bank account. At least if it gets lost or stolen, a call to the issuing agency can help recover most if not all the costs.

paulmah

Do you have any end-user (horror) stories to share here?

Menopausal

I had a client who requested tech support because she could no longer open email attachments, instead she was getting a dialogue box asking her to click a link or enter a username and password. She insisted she must have a virus. Upon inspection, all the email attachments were Word or Excel docs. When trying to launch them, a dialogue box did, indeed pop up: "Your trial version of Office has expired. Please click here to purchase or enter your license key here" with a corresponding link and license key box. $100 for a house call to read your own screen to you, thank you. Also funny but not (quite) as stupid was the gent who called in and requested remote support to view a presentation that was on disk. After remoting in, at first I thought the computer didn't recognize the CD drive; so I asked, "Where is the disk?" and he says it's on his desk, should he put it in now? "Yes, put it in." Whereupon the presentation autoran. Making it look easy isn't half as hard as making it look hard...

hueta

I experience stories like this all the time. Check out my blog, I put some of the best ones there at: http://enduseridiots.blogspot.com/ Peace

NexS

It is peace. Peace to be given, as a final word, to the long-dead discussion?

AugustUser

Not really a "horror" story, but funny. I received a call from an employee who could not login to her computer. After asking a few basic questions: "what error message are you getting?" etc. I quickly narrowed it down to a loose or unplugged patch cable, or at worst a bad NIC. Since I knew the layout of her office I asked her to look to the right of her desk and locate the black cord that was plugged into the wall, I explained that it looked like a telephone cord, but the end would be bigger. I wanted her to check and make sure it was plugged in securely. She replied "well I rearranged my office and now nothing works." I explained to her that it was more than likely just a loose network cable and she just needed to make sure it was plugged into the wall and into the back of her computer. She then said "well I never plugged it back in, I didn't know I needed it." I explained to her that was how her computer was connected to the network and without it plugged in she wouldn't be able to access her files, etc. She then said, "you mean all my files are kept in that little cord? Isn't that kind of risky?" What do you say?

dryflies

People ignore it. Computer security and privacy training. Every year the following multiple choice question is on the test: If you receive an e-mail which you believe is infected with a virus what should you NOT Do:
A. Shut off your computer
B. Report it to your supervisor
C. Unplug your Network Cable
D. Forward the message to IT support
The correct answer is D. But Every Year I get a forwarded message from one of my users: Would you please check this message for a virus. My virus scanner says it is infected. Every Year! and that question has been on every test for the last 5 years, and probably before that!

Locrian_Lyric

I worked for a multinational company at the time.... Well, I got in early and there were MASSIVE warnings about the "I love you" virus all over the place.... I called my (not yet) Ex and told her what was going on and to warn her coworkers about it. She sent out an email detailing what I told her.... IT director gets all pissy about "unofficial emails regarding IT policy" and sends out a mass email calling it a hoax.... so, naturally, everyone was curious as to what the big controversy was over......

boxfiddler

there was a discussion here for a bit about that, but I ain't goin' lookin' fer it. Never cease to be amazed.

Locrian_Lyric

do an experiment with a button that said "CLICK HERE IF YOU WANT YOUR COMPUTER TO BE INFECTED WITH A VIRUS" and then got hits by the tens of thousands?

boxfiddler

virus took down our campus network for several days in spite of 'official' IT emails to all personnel instructing them not to open ANYTHING with that subject line. Sheesh...

Big Ole Jack

look at it and inspect it with your bare hands? I suggest you give your users this analogy and let them put 2 and 2 together.

jason.wilcox

Many years ago, I recall selling a Compaq PC to a woman. She brought her PC back several days later because the 3 1/2" floppy drive "was not working". Upon a tech inspecting the drive, it turned out she'd cut several 5 1/4" disks down to approximately 3 1/2" in order to fit them in the smaller FDD. Good times...

brian.payne

I had a user call one of my System analysts one day saying that her "Modem" was making an awful racket. When it was explained to her that we don't use modems in our network, she replied that it must be her monitor that was the culprit of the noise. Taking a guess at the sources of the noise, my SA wisely asked her if she had anything that might be hitting her keyboard. There was a shuffle of papers on the other end of the line, and then she exclaimed "Oh, my stapler was on my keyboard!" Should we really have to tell people that the top of your keyboard is not a good place to store your stapler? I cease to be amazed at how stupid people can be.

HAL 9000

Who being a typical end user just plugs something in and expects it to work regardless. He brought a Europe Map for his GPS and I got called over there because his GPS was no longer working after loading the Europe Map. Apparently he had done everything correctly and then entered a Destination in Spain. He then insisted that the unit wasn't working because it failed to give him directions to drive to Spain from AU. No matter how much I tried to explain to him that he couldn't drive there from here he couldn't understand why the GPS was not giving him directions to his desired destination just a distance. In the end I took him to the beach pointed that way and said "How Do you Drive There?" When he couldn't see any road he then realised why the system wasn't working. But to be fair it did give him directions to get to Darwin which is the most Northern populated place in AU and included in the internal GPS storage capacity. Of course the way through Indonesia and the other countries couldn't be provided but then again I didn't like the idea of programming several Flash Cards to change in every country en route. Col

Big Ole Jack

I came across some really braindead woman who would keep a potted plant right on top of her CRT monitor and would water it, letting water trickle into the ventilation slits of the CRT tube. Needless to say, she fried the monitor and it was a miracle that the CRT didn't explode in her face, resulting in some major plastic surgery to remove shards of glass, plastic, and other electronic components which could have lodged into her dumb head.

retro77

It's a good thing these don't explode, they implode. Now glass bouncing off of the inside of the case can bounce back out at you.

HAL 9000

So instead of just 1 Electron Gun to dodge there were three. :D Actually I've never seen a Computer monitor spit out the Electron guns mainly because all CRT Monitors have a screen between the Electron Guns and the Face of the Tube. But there have been several monitors that no longer work and the CRT rattles when you move it about. I would tend to believe that the Mesh Screen stopped the guns before they could escape out the front. :D But I've seen the results of a few going off and destroy packaging. Thankfully they have always been in containers or the warehouse when they failed so there was never anyone in harm's way but it's not something that I would recommend as something to try out for fun. :^0 Col

ozi Eagle

Hi, Way back in the foggy mists of time, I came across a story in one of the local electronics mags (Radio, TV & Hobbies for youse old Ocker types) where there was a regular article from a TV serviceman. In one of these he described how, after repairing a TV, he left the room, closed the door and then heard a loud thump on the door. Opening it again he found that the TV had a hole in the front of the tube, and the electron gun was quivering in the door. Herb

HAL 9000

There is a mesh just inside any Computer CRT Screen that would reflect any broken Glass and Plastic outwards after the front of any CRT Tube implodes. So while the actual method of causing injury is different the final outcome is exactly the same. Many years ago I remember getting a monitor back that was distorted. Under close inspection I found that the front of the CRT wasn't properly formed so I walked around the bench and made sure that it was packed away with the back always facing me. Several Days later before it could be shipped the thing went off and showered the inside of the Warehouse with Bits of Broken Glass coated with Phosphorous and other bits of the internal CRT all of which were metal. About the only thing that was good about this Monitor going off was that the Electron Guns remained intact so you only had bits of Glass, Plastic and some Metal exiting the CRT but no electronic components. I believe that the Electron Guns could still produce enough power to fry someone standing at the face which wasn't a good thing. But then again I would hope that no one would be silly enough to actually try it in that condition. But none the less I made sure that it couldn't be used as I didn't entirely trust the Warehouse People at the other end either. :D Col

boxfiddler

at least not in the NetAdmin sense, but I do have a barter client who is a nightmare. He can't make ANY (eny) installation or update decisions without weeks of endless discussion and multiple daily emails to me regarding whatever decision he is facing. He refuses to research anything before contacting me. He asks the same questions over and over and over and over... If I had the money to pay for the service he offers in return I would tell him to bugger off (to borrow a wonderful term from another discussion). eny=emphasis not yelling