informa
/
Risk
News

Because That's Where the Money Is

Just like banks, corporate content filters can provide the bad guys with valuable things to steal

9:15 AM -- One of the most damaging vulnerabilities is something that companies spend very little time thinking about.

Industrial espionage has some of the greatest potential for long term danger to companies. Those most interested in insider corporate information are also the same people who have the most to gain from the information. I spent a few hours putting together a paper that outlines some of the direct threats, but there are a lot more out there.

For instance, we found that Google calendar can be used as a way to get confidential call-in numbers through nothing more than a simple query. This would allow an attacker or a competitor to listen in on confidential phone calls. Competitors' eavesdropping on your internal secrets isn't the only risk here. It also allows aggressive and illegal investment strategies to be more plausible, without much risk.

Recently, there has been a rash of public CGI proxies floating around the Internet. It occurred to me when I first saw them that these are really the ideal ways to phish people's information. But if you think about who the likeliest users of this technology are, it is actually company employees that sit behind strict content filters.

Allowing them to submit information, talk on message boards, sign in to various tools, all through a single Web interface, is a great place to aggregate information. Additionally, the owner of the proxy has the ability to know where the user is coming from by looking at their IP address. Knowing this information, they can throw away information that may not be interesting.

Ultimately installing content filters and monitoring employee activity can help mitigate a lot of this risk while they are at work. But once they are outside the corporate walls you are taking a big risk. As always, insure that you have non-disclose/non-competes in place with all your employees, and make them aware of some of the more subversive ways competitors and attackers can find sensitive information. I have seen a few companies completely block any traffic from IP space by a competitor.

While that wouldn't stop a determined attacker it can stop non-technical business analysts who may not understand how to circumvent IP blocks. It's a war out there, and it's definitely one you should be fighting.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5