Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/18/2007
01:15 AM
50%
50%

Because That's Where the Money Is

Just like banks, corporate content filters can provide the bad guys with valuable things to steal

9:15 AM -- One of the most damaging vulnerabilities is something that companies spend very little time thinking about.

Industrial espionage has some of the greatest potential for long term danger to companies. Those most interested in insider corporate information are also the same people who have the most to gain from the information. I spent a few hours putting together a paper that outlines some of the direct threats, but there are a lot more out there.

For instance, we found that Google calendar can be used as a way to get confidential call-in numbers through nothing more than a simple query. This would allow an attacker or a competitor to listen in on confidential phone calls. Competitors' eavesdropping on your internal secrets isn't the only risk here. It also allows aggressive and illegal investment strategies to be more plausible, without much risk.

Recently, there has been a rash of public CGI proxies floating around the Internet. It occurred to me when I first saw them that these are really the ideal ways to phish people's information. But if you think about who the likeliest users of this technology are, it is actually company employees that sit behind strict content filters.

Allowing them to submit information, talk on message boards, sign in to various tools, all through a single Web interface, is a great place to aggregate information. Additionally, the owner of the proxy has the ability to know where the user is coming from by looking at their IP address. Knowing this information, they can throw away information that may not be interesting.

Ultimately installing content filters and monitoring employee activity can help mitigate a lot of this risk while they are at work. But once they are outside the corporate walls you are taking a big risk. As always, insure that you have non-disclose/non-competes in place with all your employees, and make them aware of some of the more subversive ways competitors and attackers can find sensitive information. I have seen a few companies completely block any traffic from IP space by a competitor.

While that wouldn't stop a determined attacker it can stop non-technical business analysts who may not understand how to circumvent IP blocks. It's a war out there, and it's definitely one you should be fighting.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38958
PUBLISHED: 2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042
CVE-2021-38967
PUBLISHED: 2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
CVE-2021-38999
PUBLISHED: 2021-11-30
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace.
CVE-2021-39000
PUBLISHED: 2021-11-30
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
CVE-2021-43202
PUBLISHED: 2021-11-30
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.