Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/16/2007
05:55 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Tool Uncovers Inadvertent 'Chatter'

Errata Security to release tool at Black Hat later this month that demonstrates 'data seepage' via WiFi

Researchers from Errata Security plan to release a free tool at the Black Hat D.C. briefings later this month that gives enterprises a firsthand look at what data is bleeding out of their client machines every day, especially in wireless networks.

Data seepage -- not to be confused with data leakage -- is where seemingly innocuous data gets exposed by your chatty client applications over public WiFi connections, or even inside the enterprise network. (See Data That Doesn't Drip... Drip... Drip....)

Robert Graham, Errata Security's CEO and David Maynor, its CTO, will use this Windows- and Linux-based tool to demonstrate just how much danger data seepage can pose, during their Black Hat presentation on March 1. The tool will be available for download via Errata's Website.

"It's more like a packet sniffer," explains Graham, who wrote the tool, which he's tentatively calling The Juicer. "It's aimed at corporations that don't realize how much information they are broadcasting to the world. This tool shows the surprising amount of data they are exposing on their laptops."

Graham says he fully expects researchers to also use the tool to find other potential dangers in data seepage.

Security experts like Errata are raising the red flag on data seepage, which has mostly been overlooked by most organizations. It really boils down to just how chatty your client apps are, and where your mobile clients are working. If your users are working from an airport or Panera Bread WiFi connection, their machines are announcing themselves to anyone else on those machines, which makes your corporate network a target.

"Data seepage is one of the most overlooked vulnerabilities today in wireless devices," says Richard Rushing, CSO for AirDefense, a wireless security vendor. "They have no recollection of where they are -- my wireless device acts the same way at a hotspot that it does at a corporate office."

Their user-friendly features basically make them vulnerable. "When you first open your laptop, it will try to connect to every WAP you went to in the past. This tool will list all you connected to in past" as well as other potentially revealing information, Graham says.

That means all those desktop agents -- Oracle, your email client, etc. -- immediately start asking questions and leaving tracks out in the open as they reach out for their servers from a WiFi connection at the airport. The Oracle client, for instance, will try to connect to its server if you have cached credentials on your laptop.

"I can immediately get your NT domain name, and tell what kind of system you're communicating with," Rushing says. "This is all good information a bad guy would want to start breaking into your corporate network."

But data seepage can also be a problem within the internal wired network as well, Errata's Graham says, an insider could get more information about the network than you think they have and use it for nefarious purposes.

So what can you do to protect yourself from your wireless users on the go, or from your wired users gone bad? Much of the data seepage problem is the nature of wireless, but the key is understanding what data is being broadcasted and made available, and whether it's potentially sensitive or could lead an attacker to your front door, AirDefense's Rushing says.

"You can limit the types of services on the WiFi firewall, but when you go to the conference room back at the office, none of the applications will work on your laptop," he says.

Simple things like creating a user account that doesn't use your real name, and forgoing naming your servers after the company, as well as "turning off" some services are helpful, Graham says. "But no one thing will solve it," he warns.

And don't expect those more secure Vista laptops you're planning to purchase to help you out much, either. "Vista has new chatty stuff that tells you even more about the machine," Graham says. "And Apple is even more chatty than Windows."

Next, Errata will develop a proof of concept showing how an attacker could set up a trojan server that could respond to the client's requests, posing as an Oracle database, Web server, or a wireless access point, says Graham.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Errata Security
  • AirDefense Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    7 SMB Security Tips That Will Keep Your Company Safe
    Steve Zurier, Contributing Writer,  10/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-8216
    PUBLISHED: 2019-10-17
    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
    CVE-2019-8217
    PUBLISHED: 2019-10-17
    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
    CVE-2019-8218
    PUBLISHED: 2019-10-17
    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
    CVE-2019-8219
    PUBLISHED: 2019-10-17
    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
    CVE-2019-8220
    PUBLISHED: 2019-10-17
    Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .