Users Should Be Wary When Web Sites Ask For Too Much Info - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
9/5/2007
05:32 PM
50%
50%

Users Should Be Wary When Web Sites Ask For Too Much Info

Fortinet is warning users to ignore even legitimate sites' requests for e-mail and IM login information because handing it out is a bad habit to get into.

Security researchers at Fortinet say a new trend among popular Web sites like Facebook may be teaching users the wrong lesson, causing them to unlearn what took years to teach them in the first place.

The rule of thumb for well-educated online users is to never, ever give out sensitive information, such as log-in credentials. That kind of information is the stuff of dreams for the growing phalanx of phishers and hackers hungry for user names, passwords, and other choice tidbits of online identities.

The problem is that a growing number of legitimate Web sites are asking users to hand over just this information, according to Steve Fossen, manager of threat research at Fortinet.

"There are a lot of sites out there asking for this information," he told InformationWeek. "It used to just be phishers and now we're seeing legitimate sites, like Facebook, doing it. People are giving them the information because they think it's convenient but it's just a bad idea."

Fossen explained that sites like Facebook ask for users' e-mail and IM login information so they, for example, can pick out their users' friends' addresses and set up their contact list for them. It saves users time.

Facebook could not be reached for comment.

The problem is that while Facebook may be on the up and up when it comes to going through users' contact lists, many other sites and individuals are not. And Fossen said it's just a bad idea to get into the habit of giving out that kind of information.

"Because people are getting used to doing this for legitimate sites, they're more apt to hand it out to phishers," he added. "It's not good to be handing out that information. You're no longer thinking about securing your information. I tend to think it's a scary trend."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll