Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/18/2007
01:15 AM
50%
50%

Because That's Where the Money Is

Just like banks, corporate content filters can provide the bad guys with valuable things to steal

9:15 AM -- One of the most damaging vulnerabilities is something that companies spend very little time thinking about.

Industrial espionage has some of the greatest potential for long term danger to companies. Those most interested in insider corporate information are also the same people who have the most to gain from the information. I spent a few hours putting together a paper that outlines some of the direct threats, but there are a lot more out there.

For instance, we found that Google calendar can be used as a way to get confidential call-in numbers through nothing more than a simple query. This would allow an attacker or a competitor to listen in on confidential phone calls. Competitors' eavesdropping on your internal secrets isn't the only risk here. It also allows aggressive and illegal investment strategies to be more plausible, without much risk.

Recently, there has been a rash of public CGI proxies floating around the Internet. It occurred to me when I first saw them that these are really the ideal ways to phish people's information. But if you think about who the likeliest users of this technology are, it is actually company employees that sit behind strict content filters.

Allowing them to submit information, talk on message boards, sign in to various tools, all through a single Web interface, is a great place to aggregate information. Additionally, the owner of the proxy has the ability to know where the user is coming from by looking at their IP address. Knowing this information, they can throw away information that may not be interesting.

Ultimately installing content filters and monitoring employee activity can help mitigate a lot of this risk while they are at work. But once they are outside the corporate walls you are taking a big risk. As always, insure that you have non-disclose/non-competes in place with all your employees, and make them aware of some of the more subversive ways competitors and attackers can find sensitive information. I have seen a few companies completely block any traffic from IP space by a competitor.

While that wouldn't stop a determined attacker it can stop non-technical business analysts who may not understand how to circumvent IP blocks. It's a war out there, and it's definitely one you should be fighting.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...