
Collaboration Tools Free - But Vulnerable

by Deborah Hartmann Preuss on Jul 04, 2006
For the classic Extreme Programming team, developers and their customer all work daily in the same room. But other methodologies are less stringent, and even XP teams sometimes need to find compromises when organizations exist across multiple campuses, or continents. Enter collaborative technologies - where they are allowed.

Many organizations are nervous about user-installed software, and publish rules banning unapproved installation. Some actually block non-sanctioned installation, and perhaps justifiably: Bit9, Inc., whose technology solves the problem of unwanted software on the desktop, has compiled a list of the top applications with known security vulnerabilities, including applications that are frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise) and are not classified as malicious. Each has at least one critical vulnerability, and relies on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.

Collaborative software commonly used by Agile teams, either with their customers or with distant team members, does appear on the list:

Number
3.   Skype 1.4
7.   AOL Instant Messenger 5.5
8.   Microsoft Windows/MSN Messenger 5.0
9.   Yahoo Instant Messenger 6.0
15. ICQ 2003a

View the full list on Bit9.com's site. 

Hmmm.  What's on your desktop?

... but most of them are already offering patches by Alex Popescu

I find this very interesting: most of the software included in the list is already providing patches/fixes for the reported vulnerabilities. And afaik, most of them have quite a good release schedule, so there is a great chance these problems are fixed very quickly.

./alex
--
.w( the_mindstorm )p.

Re: ... but most of them are already offering patches by Deborah Hartmann

I guess the issue for enterprises is: installing such patches (or new versions) is up to the employee, not a systematic or highly reliable method for protection of corporate assets.

Re: ... but most of them are already offering patches by Noah Campbell

That's why most corporations block IM protocols at the network level. Secure IM is possible, but not from the IMs listed above. Jive Wildfire (jivesoftware.org) supports secure communication between client and server.

-Noah
