Data seepage — not to be confused with data leakage — is where seemingly innocuous data gets exposed by your chatty client applications over public WiFi connections, or even inside the enterprise network.
Robert Graham, Errata Security’s CEO and David Maynor, its CTO, will use this Windows- and Linux-based tool to demonstrate just how much danger data seepage can pose, during their Black Hat presentation on March 1.If your users are working from an airport or Panera Bread WiFi connection, their machines are announcing themselves to anyone else on those machines, which makes your corporate network a target.
The Oracle client, for instance, will try to connect to its server if you have cached credentials on your laptop.
“And Apple is even more chatty than Windows.”
Next, Errata will develop a proof of concept showing how an attacker could set up a trojan server that could respond to the client’s requests, posing as an Oracle database, Web server, or a wireless access point, says Graham.
http://www.darkreading.com/document.asp?doc_id=117636&f_src=darkreading_section_296