Black Hat Hears of Data Leak Dangers

From Nancy Kranich

>Date: Tue, 06 Mar 2007 09:01:49 -0800 (PST)
>From: dwood@ala.org
>Subject: [IFCPRIVACY:2792] Black Hat hears of data leak dangers
>Sender: owner-ifcprivacy@ala.org
>To: IFC Privacy Subcommittee <ifcprivacy@ala.org>
>Reply-to: ifcprivacy@ala.org
>Original-recipient: rfc822;nck1@mail.nyu.edu
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>This email was sent to you by someone who found it on InfoWorld.com.
>The original page can be found here:
>http://www.infoworld.com/article/07/03/01/HNseepage_1.html
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Black Hat hears of data leak dangers
>Security experts at the Black Hat DC conference warn of data seepage
>and the risks for PCs, handhelds, and corporate networks
>
>By Matt Hines
>March 01, 2007
>
>The biggest threat to your personal and professional security may be
>the information that your computer is already transmitting to the
>world around you.
>
>Data leakage might be a hot topic, given the list of high-profile
>incidents reported by businesses such as TJX Companies -- through
>which reams of detailed consumer records have been exposed -- but
>most people are already broadcasting enough information from their
>laptops to allow hackers to aim targeted attacks at their devices
>and corporate networks, according to security researchers.
>
>In a presentation at the ongoing Black Hat DC 2007 conference being
>held in Washington, DC, from Feb. 28 to Mar. 1, experts with
>Atlanta-based services provider Errata Security outlined a trend
>they've labeled as "data seepage."
>
>The concept is based on the idea that people using Wi-Fi systems to
>connect their computers to the Web in public settings such as
>airport lounges or coffee shops are handing out enough personal
>clues to give attackers plenty of ammunition to make them the target
>of their malware or hacks.
>
>Using a software application they have designed dubbed Ferret,
>Errata chief executive Robert Graham and chief technology officer
>Dave Maynor demonstrated how easy it is to intercept seemingly
>innocuous information from people's devices as they connect to the
>Internet. They can then take that data to create a detailed profile
>of the individual, their Web usage, and even their employers' IT networks.
>
>During the course of their presentation, the security experts were
>even able to use Ferret to intercept an e-mail sent to a reporter
>working in another conference session that included one of her
>applications' passwords.
>
>Whenever a user connects to the Web via Wi-Fi, or even if their
>laptop's wireless systems are merely left turned on, someone using
>such a so-called sniffing tool can garner data about where the user
>has traveled, what type of operating system or applications they
>use, and who they may work for, Graham said.
>
>For instance, the expert said that while sitting in airlines'
>business customer lounges it's not hard to look at details offered
>up freely by the machines of other travelers using Wi-Fi.
>
>In doing so, Ferret can detect what hotspots the person has been
>through, giving an idea of their physical location; determine what
>e-mail servers or IM systems they attempt to access, lending an idea
>of their software and potentially their employer; and even scoop
>their IM contacts to determine who they communicate with.
>
>"With seepage, we're talking about the distribution information that
>you actually mean to broadcast but which hackers can take and
>exploit for their own needs," Graham said. "All you have to do is
>turn on your computer and we can tell a lot about you."
>
>For instance, computers made by Apple offer up details of what
>operating system someone is using when they turn their machines on
>or access Wi-Fi. If captured by a hacker, this could allow them to
>target specific malware attacks at the individual based on any known
>vulnerabilities in their version of the OS.
>
>In addition to data related to Web connectivity or operating
>systems, such tools can be used to detect what types of anti-virus
>applications users are running when the software programs attempt to
>automatically download updates. With the wide number of known
>vulnerabilities existing in anti-virus programs, a hacker could
>easily take that information and use it to craft a targeted attack,
>the experts said.
>
>The tools can even be used to garner similar data from smartphones
>and other data-centric handhelds, according to the researchers.
>
>The experts contend that when the U.S. government was piecing
>together information about suspected terrorists after the Sept. 11
>attacks, investigators likely relied on the same types of data to
>figure out where various people had traveled, who they communicated
>with, and what they might have been looking at on the Internet.
>
>Consumers may be upset about retailers who collect and expose
>sensitive information or unchecked government wiretaps, but they are
>unknowingly handing over a range of data that could be used to track
>their movements, steal their money, or penetrate their employers' networks.
>
>"Just by going to a lounge in an airport with a sniffer like this,
>you can easily develop a profile that can be used to exploit any
>weaknesses," Graham said. "You can move from [intercepting] a
>low-level MAC address to capturing high-level information in a very
>short amount of time."
>
>To help people understand just how much information can be gathered
>using sniffers like Ferret, Errata is posting the source code for
>the tool on its Web site so that developers can try it for themselves.
>
>The best advice that the security experts offered to end-users to
>protect themselves is to use personal firewalls and VPNs to cloak as
>much of their information and activity as possible.
>
>"It's not single pieces of information that we're warning about,
>it's the collection of pieces of data that offer detailed
>information about who you are," Maynor said. "If the government were
>collecting this information people would be up in arms, but as it
>is, they are already giving it away without a second thought."
>
>
>
>http://www.infoworld.com/article/07/03/01/HNseepage_1.html


====================================================================================
Nancy C. Kranich
Past President
American Library Association
733 Holmes Street
State College, PA 16803-3622
814-234-0777; fax 917-386-2515
nancy.kranich@nyu.edu





Latest page update: made by TexasTaylor, Mar 7 2007, 12:31 AM EST