NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0276 Data Leak Products Have Security Risks:
Researchers from Matasano Security, speaking at the Black Hat conference, warn that companies looking to clamp down on data leaks may actually be introducing a whole new set of security problems to their corporate networks. Matasano has spent the past nine months testing a range of information protection products for bugs on behalf of corporate customers that were looking to deploy the systems. The researchers focused on products that install "agent" software on desktop PCs in order to monitor things like web browsers, email, and instant-message conversations, looking for data that might be leaving the corporate network. They found that all of the agent-based products they tested suffered from a similar set of problems: too much trust is placed in the agent, when the agent eventually has to be treated as a potentially malicious enemy. The researchers found a number of flaws in the software they examined. For example, they were able to exploit a bug in the way agent software parsed AOL's instant messaging protocol to seize control of an agent computer. They could overwrite event logs in the management console, and they found that clients reported data to management servers in an unencrypted format. Agent-based data-leak prevention products, which are sold by such companies as WebSense, Verdasys, and McAfee, are generally considered to be more effective than products that look only at network traffic, but Matasano found security holes in the agent-based software.
(IDG News Service 03AUG07)
Last Modified: Tuesday, 07-Aug-2007 21:21:26 EDT