Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/18/2007
01:15 AM
50%
50%

Because That's Where the Money Is

Just like banks, corporate content filters can provide the bad guys with valuable things to steal

9:15 AM -- One of the most damaging vulnerabilities is something that companies spend very little time thinking about.

Industrial espionage has some of the greatest potential for long term danger to companies. Those most interested in insider corporate information are also the same people who have the most to gain from the information. I spent a few hours putting together a paper that outlines some of the direct threats, but there are a lot more out there.

For instance, we found that Google calendar can be used as a way to get confidential call-in numbers through nothing more than a simple query. This would allow an attacker or a competitor to listen in on confidential phone calls. Competitors' eavesdropping on your internal secrets isn't the only risk here. It also allows aggressive and illegal investment strategies to be more plausible, without much risk.

Recently, there has been a rash of public CGI proxies floating around the Internet. It occurred to me when I first saw them that these are really the ideal ways to phish people's information. But if you think about who the likeliest users of this technology are, it is actually company employees that sit behind strict content filters.

Allowing them to submit information, talk on message boards, sign in to various tools, all through a single Web interface, is a great place to aggregate information. Additionally, the owner of the proxy has the ability to know where the user is coming from by looking at their IP address. Knowing this information, they can throw away information that may not be interesting.

Ultimately installing content filters and monitoring employee activity can help mitigate a lot of this risk while they are at work. But once they are outside the corporate walls you are taking a big risk. As always, insure that you have non-disclose/non-competes in place with all your employees, and make them aware of some of the more subversive ways competitors and attackers can find sensitive information. I have seen a few companies completely block any traffic from IP space by a competitor.

While that wouldn't stop a determined attacker it can stop non-technical business analysts who may not understand how to circumvent IP blocks. It's a war out there, and it's definitely one you should be fighting.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15505
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2020-15506
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE-2020-15507
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
CVE-2020-15096
PUBLISHED: 2020-07-07
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affecte...
CVE-2020-4075
PUBLISHED: 2020-07-07
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not ...