BreachExchange mailing list archives
Our P2P Investigation Turns Up Business Data Galore
From: security curmudgeon <jericho () attrition org>
Date: Mon, 17 Mar 2008 08:46:17 +0000 (UTC)
[Great.. loads of billing data, health records and more, but absolutely no details. Fun project and nice resulting article, but no follow through on properly warning the companies or consumers? -- jericho]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.informationweek.com/story/showArticle.jhtml?articleID=206903417

By Avi Baumstein
InformationWeek
March 17, 2008

Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely--surely people wouldn't be that sloppy. Like a 19th century prospector, I decided to dip my pan into the stream to see what I could find. The results were shocking and scary--loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies.

Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition, using simple tools.

It's doubtful that so many people were sharing such sensitive files on purpose. More likely, the users, or even their children, had installed a P2P program to download music or a TV show, and clicked "OK" to all the questions during the install process. One of those questions is which folder to share files from, and often the default is the Windows My Documents folder.

The result was plain--and in many ways worse than the lost laptops that have made so much news, because the files are available to the entire world and leave no trace when they're taken. If my sampling is any indication, it's clearly time to add P2P file sharing to your list of security threats.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss