Are there any white papers or policy documents on ICQ (& IRC)? I
have a client who is concerned that their employees are sending
proprietary information (in clear text) through AOL's www.icq.com.
By way of policy their website lists only disclaimers and CYAs
(http://www.icq.com/legal/privacy.html):
Please note that the ICQ Software and its privacy and security
features, as most Internet applications, are vulnerable to various
security issues and hence should be considered unsecured. By
using the ICQ Software and its privacy and security features,
you may be subject to various risks, including among others:
* Exposure to objectionable material and/or parties, including
without limitation, contaminated files.
* Unauthorized invasion of your privacy during, or as a result
of, your or another's use of the system.
* Spoofing, eavesdropping, sniffing, spamming, breaking passwords,
harassment, fraud, forgery, "imposturing", electronic trespassing,
tampering, hacking, nuking, system contamination including
without limitation use of viruses, worms and Trojan horses
causing unauthorized, damaging or harmful access and/or retrieval
of information and data on your computer and other forms of
activity that may even be considered unlawful.
* Unauthorized exposure of information and material you listed
or sent, on or through the ICQ system, to other users, the
general public or any other specific entities for which the
information and material was not intended by you.
Nowhere is there any indication of what data mining or archiving
AOL might be doing with these chats. In theory this means that
they can (legally) search for stock tips, corporate strategies,
developers sharing code, or other "generally assumed to be private"
content. The only positive statement WRT privacy is buried deep
in the fine print:
Unless explicitly stated otherwise, the information entered or
posted, through the Software or through the Web, including without
limitation, on the ICQ info templates-whitepages and other
directories, during registration or thereafter, the ICQ message
boards, as well as status indication and other user's parameters
that can be found using the Software or the Web ("Public
Information"), may be available to the public. Public Information
shall not include information meant to be sent through the ICQ
network to a specific ICQ User's Software, unless subsequently
provided to ICQ Inc.
Of course chats can take place between the client computers directly
however most firewall configurations only allow the data to be sent
through an ICQ server.
In light of these policies/CYAs is there a business case for
filtering ICQ IP addresses?
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
