Texannie
Member
07-16-2001
Friday, December 10, 2004 - 7:47 am
A friend of mine who works for NASA received the following internal NASA memo (from which I’ve deleted the sender’s name). FYI, “JSC” = Johnson Space Center.

To: DL ARES CS; DL ARES LM ALL; DL ARES Long-Term; DL ARES Short-Term
Sent: 12/3/2004 3:38 PM
Subject: Warning about HotBar!
Importance: High

HotBar is a free application that adds graphical "skins" to Internet Explorer, Outlook and Outlook Express toolbars. It also adds graphics on the bottom of every email you send out attempting to entice others to download. On the surface, this program looks neat because you can "personalize" your application. All these free toolbars, and menus (HotBar is just one example) come with spyware embedded in them and should be used with extreme caution.

HotBar has been singled out by the Office of Homeland Security as a high risk for potential identity theft. In order to download this software, a user has to create an account with HotBar, thereby giving them data about themselves and creating a password. After analyzing the logs that HotBar creates and saves about each user, NSIRC (National Security Agency's National Security Incident Response Center) has issued a warning to government agencies about the potential for harm. In particular, many users from NASA and JSC are listed in HotBar's data.

What this means is that HotBar has data on individuals here at JSC along with a tracking of every website they have visited since they loaded the application. Because many users routinely use the same password on more than one Internet account, and because many Internet accounts are based on the user ID being an email address, HotBar is sitting on a goldmine of information. If the information got into the hands of someone wishing to steal your identity . . . . it just became much easier for them to accomplish that.

Because of NSIRC's warning, JSC is making moves to block all access to HotBar from the center. They announced today that HotBar is now considered an unauthorized application, and downloading it is against policy. JSC has a list of individuals who have it installed (thanks to HotBar's data) and will be working with you to clean up your system in the near future.

There is no need to be in a panic over this, since JSC is blocking this traffic now. Even if you have it installed, it will not be able to collect and report data anymore. If you have HotBar on your system and you don't want to wait for clean up instructions from JSC, there are removal tools on the Internet. You can also contact me or submit an ARES-Task for assistance.

ARES (SA13) IT Security LM Project Manager NASA JSC