Someone once said, “the powers of hell feed on the best instincts in man.”

Take, for example, the case of Andrew Meldrum, who was recently convicted of three counts of unauthorized access to computer material and two counts of voyeurism. It seems Mr. Meldrum installed spyware on at least three women’s computers while “fixing” some computer problems the women were experiencing.

This is certainly not an uncommon occurrence, but what many people – especially home PC users – probably do not realize is that such software may already be installed on their PCs. Often there is no need for someone to install new software on a system in order to spy; they just need to be able to activate software already present on many machines. Of course, should the necessary software not be available on the PC, it’s readily accessible on several websites and easy enough to download and install. And this is a key reason why much of the threat prevention industry is overhyped, and really nothing more than lipstick on a pig.

As for Mr. Meldrum, my take is buyer beware! When you ask your IT-savvy neighbor to fix your system, he or she will need privileged access to that machine. Once you’ve given them the password, they can do whatever they want.

The reason middle-aged women are the biggest target for botnets and malware is that they are the single largest demographic that uses Facebook. How many computers do you imagine are online 24×7 in the US and the UK, all logged in with full administrative privileges? Probably 99%, and this is what hackers and voyeurs are looking for. You don’t need to invite them into your house; they can do it from next door.

Since I’m considered the neighborhood geek, I’m regularly summoned to solve IT problems. In doing so, I not only have access to privileged accounts on PCs, but also WiFi routers, WiFi passwords, software serial numbers, you name it. And, unfortunately, not every neighbor is as honest as me!

Restrict Privileged Access and Use Complex Passwords

The security industry needs to better educate people about the importance of turning off privileged access on their machines, and using complex passwords for their PCs, mobile devices and WiFi routers. But given that many enterprises don’t even seem to have the security savvy to do this, what hope is there for your next-door neighbor?

There is so much software installed on our systems out of the box. We may never use it, but it can easily be used against us. The problem is severe enough that, because of our naivete, we might as well be hanging out a shingle saying “Hack Me”.

Maybe there is a need to regulate the software and applications that are pre-installed on systems to reduce the risk of innocent victims being targeted by unscrupulous voyeurs and criminals.

Calum MacLeod is VP of privileged identity management vendor Lieberman Software.
