Support Forums and Security

Ahh, the internet. A most amazing place.

One of the most compelling uses for the internet must be for technical support. After all, the internet is the place where cool techies hang out and provides an ideal market place, free or otherwise, for them to demonstrate their expertise.

I was doing some research the other day (actually battling to configure a W2K laptop for broadband access) and needed some assistance with a setting. I simply did a search on Google and found the answer to my problem. On that journey I visited a couple of support forums and noticed something very interesting. When you have a support problem you need to give out a load of information – OS type and version, software installed, patches, nature of problem, network settings etc – plus you need to give a return email address.

At this point corporate security bods need to be paying attention. Are they aware that some of their techies may be giving away vital information of great interest to hackers on these forums? Yep, you’ve got it. By taking all this data kindly provided by your tech support guys hackers are able to form a clearer picture of what IT you are running and fine tune their targeting plans.

If your people do use public forums for support, insist they use an email address that does not refer to their employer by name, just to be a little safer.