Wednesday, November 18, 2009

Shoulder Surfing

With new discoveries come new information! Here is an article from previously mentioned "Crime and Clues" that focuses on the phenomenon of shoulder surfing, or people gathering information from a computer user or cell phone caller by hanging from the eaves. Imagine yourself in a coffee shop using your laptop to check your bank balance. The person at the next table might be "shoulder surfing" to get valuable information including account numbers, log in information etc. Shoulder surfing can be even more invasive and can happen from co-workers, competitors, or even law enforcement or opposing counsel in litigation. An excerpt from the article (full article here)

Due to a job requiring extensive travel or simply due to a lack of office space, many companies can chose to have an individual perform their work while away on a business trip or at home. Connecting to work from an off-site location by way of 'remote access' is fairly common these days. All the employee needs to connect up to his/her home office is a computer with a modem, the proper telephone number or website to access the company's system/network, a user name and a password [5]. To an employee, off-site access may be an extremely convenient tool. However, if information about how to access a company's system/network is in plain view on an employee's computer system, this can be extremely dangerous. To a shoulder surfer glancing by, this information can be very valuable if this particular attacker wanted to gain access to information about that company.

At your place of employment you might even be at risk. Co-workers might be curious as to the activities you engage in on your computer. If their jobs require that they do different tasks then you, they may want to learn how you do your job. They may want to look at the programs you utilize to perform your job. Even worse, they may want to check your e-mail accounts. These are all possible motives of the shoulder surfer who may just be around the corner in the next cubicle.

No comments: