Cyber Security Institute

Friday, February 16, 2007

Tool Uncovers Inadvertent ‘Chatter’

Researchers from Errata Security plan to release a free tool at the Black Hat D.C. briefings later this month that gives enterprises a firsthand look at what data is bleeding out of their client machines every day, especially in wireless networks.

Data seepage—not to be confused with data leakage—is where seemingly innocuous data gets exposed by your chatty client applications over public WiFi connections, or even inside the enterprise network.

Robert Graham, Errata Security’s CEO, and David Maynor, its CTO, will use this Windows- and Linux-based tool to demonstrate just how much danger data seepage can pose, during their Black Hat presentation on March 1. If your users are working from an airport or Panera Bread WiFi connection, their machines are announcing themselves to anyone else on those networks, which makes your corporate network a target.

The Oracle client, for instance, will try to connect to its server if you have cached credentials on your laptop.

“And Apple is even more chatty than Windows.”

Next, Errata will develop a proof of concept showing how an attacker could set up a trojan server that could respond to the client’s requests, posing as an Oracle database, Web server, or a wireless access point, says Graham.

Posted on 02/16