I learned about the article “Ten Things Your IT Department Won’t Tell You” from the SANS Internet Storm Center poll. In it, you can find this:
A logo from a security company such as VeriSign Inc., meanwhile, means VeriSign has confirmed the identity of the site’s owner.
Yes. And any website with the eBay logo means that it’s operated by eBay. Well, that’s not true. Anyone can put any logos or images on their site as they see fit — including the bad guys who make fake web pages. Trademark infringement? I bet they don’t care.
I also find it worrisome that people could trust those “hacker safe” images some sites have been displaying. You just can’t trust them: even if the service that checks the site for potential problems works flawlessly (a big IF), you just don’t know if the image is really downloaded from the legitimate site (unless you check, but not everyone knows how or bothers to do that). A malicious page could also create a link around the image that redirects to another page certifying the malicious page’s security.
(In all fairness, people are used to trusting what they see. This can be seen in the trust people put in anyone wearing a uniform, for example. That isn’t a good thing, because it’s so easy to deceive anyone who blindly trusts something as simple as that. And it’s even easier to fake visuals on the web.)
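The check mentioned above (where the seal image is really loaded from, and where the link around it really goes) can be done mechanically. The following is an added example, not code from the article or from any seal vendor; the provider domain, the alt-text marker and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hypothetical domain the seal provider uses for images and verification pages.
SEAL_DOMAIN = "seal-provider.example"

def on_domain(url, domain=SEAL_DOMAIN):
    """True only if the URL's host is the domain itself or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

class SealAuditor(HTMLParser):
    """Records, for each seal-like image, where it loads from and where its link goes."""
    def __init__(self, page_url, marker):
        super().__init__()
        self.page_url, self.marker = page_url, marker.lower()
        self.open_links = []   # hrefs of the <a> elements currently open
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.open_links.append(urljoin(self.page_url, a.get("href") or ""))
        elif tag == "img" and self.marker in (a.get("alt") or "").lower():
            src = urljoin(self.page_url, a.get("src") or "")
            link = self.open_links[-1] if self.open_links else None
            self.findings.append({
                "src": src,
                "link": link,
                "image_from_provider": on_domain(src),
                "link_to_provider": link is not None and on_domain(link),
            })

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

def audit_seals(html, page_url, marker="hacker safe"):
    auditor = SealAuditor(page_url, marker)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample pages (not real sites).
COPIED = '<a href="/certified.html"><img src="/img/seal.gif" alt="Hacker Safe"></a>'
HOTLINKED = ('<a href="https://seal-provider.example.evil.test/ok">'
             '<img src="https://images.seal-provider.example/seal.gif" alt="Hacker Safe"></a>')

if __name__ == "__main__":
    for name, page in (("copied", COPIED), ("hotlinked", HOTLINKED)):
        for f in audit_seals(page, "https://shop.example/"):
            print(name, f)
```

The second sample shows why the image origin alone proves nothing: the genuine image can be hotlinked by any page, so only a verification page on the provider's own domain that names the site you are visiting counts for anything.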
From the same article, but unrelated:
When you receive personal email on your BlackBerry, it’s coming to you without passing through your company’s firewall. That means viruses or spyware could sneak onto your BlackBerry via a personal email, says Mr. Schmugar of McAfee. Worse yet, he says, when you plug your BlackBerry into your work computer, there’s a chance that the malicious software could jump onto your hard drive.
“There’s a chance” you might die of a heart attack in the next three minutes. Please: what kind of virus is this? How does it spread? How could it infect a BlackBerry AND the PC? What kind of person who blindly opens executables on the BlackBerry wouldn’t also have his/her PC full of viruses?
What if this virus doesn’t exist? “There’s a chance” someone will create it. There’s a chance it might spread. There’s a chance it will get to the personal e-mail that you use on your BlackBerry and there’s a chance it won’t.
In all, “there’s a chance” means nothing. Unless Schmugar is willing to make a fair prediction or name a virus such as the one he described that is also in the wild, he’s saying there’s a risk when (currently) there is none. If you want to be safe, that’s OK, and I can guess that Schmugar probably didn’t sound as scary as this sentence does (probably due to the reporting): the sentence makes it seem as if just setting up your personal e-mail will be enough to make everything happen, when (in normal conditions) it really won’t.