Coding Horror - Spying On Users

Tuesday, March 11, 2008 by Mistlee

By Dan Morrill

Coding Horror has an amazing story on why you should be careful with just about every download you put on your PC.

The story covers G-Archiver from Brother Soft, where the programmer hard-coded a Gmail username and password into the program, so that everyone who activated the software had their user credentials stolen and sent to that Gmail account.

You need to check out this image to get a full feel of the concerns and issues.

From a security viewpoint, this is a very good reason to code walk anything coming in the door and verify that the software performs the function as advertised, without any nasty surprises embedded in the code.

A great piece of software for this is Reflector, a .NET program that allows someone to navigate, search and check out any program coming in the door.

I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his Gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned. Source: Coding Horror

There is a lot to be said for getting software from trusted sources, but even trusted sources might be doing bad things that people do not know about.
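A quick first-pass check to run before the full code walk recommended above, as an added example that is not from the original article or from Coding Horror: it pulls ASCII and UTF-16LE strings out of a downloaded binary and flags mail-sending indicators of the kind described in the G-Archiver story. The indicator patterns, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# Indicators that a program may send mail on its own (assumed patterns, not a complete list).
INDICATORS = {
    "smtp_host": re.compile(r"\bsmtp\.[a-z0-9.-]+\.[a-z]{2,}\b", re.I),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "mail_api": re.compile(r"\b(?:SmtpClient|MailMessage|NetworkCredential)\b"),
}

def extract_strings(data: bytes, min_len: int = 6):
    """Return printable strings stored as ASCII or as UTF-16LE.

    .NET keeps type and method names as single-byte text but string
    literals as UTF-16, so a plain ASCII scan would miss the literals.
    """
    found = [m.group().decode("ascii")
             for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    found += [m.group().decode("utf-16-le")
              for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return found

def triage(data: bytes):
    """Map indicator name -> sorted unique matches found in the binary's strings."""
    hits = {}
    for s in extract_strings(data):
        for name, rx in INDICATORS.items():
            for match in rx.findall(s):
                hits.setdefault(name, set()).add(match)
    return {name: sorted(values) for name, values in hits.items()}

# Constructed sample bytes standing in for a downloaded .NET executable:
# API names as single-byte text, literals as UTF-16LE, binary junk between them.
SAMPLE = (
    b"MZ\x90\x00"
    + b"System.Net.Mail\x00SmtpClient\x00NetworkCredential\x00\x01"
    + "smtp.example.com".encode("utf-16-le") + b"\x01\x02"
    + "collector@example.com".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for name, values in triage(SAMPLE).items():
        print(f"{name}: {', '.join(values)}")
```

A hit is only a reason to open the program in a decompiler and read the code path that uses the string; plenty of legitimate software contains mail APIs and support addresses.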


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

About ITProNews
News and updates for the IT professional

-- ITProNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
©2008 iEntry, Inc. All Rights Reserved