From: security curmudgeon (jericho attrition.org)
Date: Mon Mar 17 2008 - 03:46:17 CDT
[Great.. loads of billing data, health records and more, but absolutely no
details. Fun project and nice resulting article, but no follow through on
properly warning the companies or consumers? -- jericho]
---------- Forwarded message ----------
From: InfoSec News <alerts infosecnews.org>
http://www.informationweek.com/story/showArticle.jhtml?articleID=206903417
By Avi Baumstein
InformationWeek
March 17, 2008
Are peer-to-peer networks really filled with sensitive corporate data just
waiting to be plucked and abused? It seems unlikely--surely people
wouldn't be that sloppy. Like a 19th century prospector, I decided to dip
my pan into the stream to see what I could find.

The results were shocking and scary--loads of confidential business
documents and enough personal information to ruin any number of lives and
create PR nightmares for quite a few companies. Among the business
documents were spreadsheets, billing data, health records, RFPs, internal
audits, product specs, and meeting notes, all found in a quick expedition,
using simple tools.

It's doubtful that so many people were sharing such sensitive files on
purpose. More likely, the users, or even their children, had installed a
P2P program to download music or a TV show, and clicked "OK" to all the
questions during the install process. One of those questions is which
folder to share files from, and often the default is the Windows My
Documents folder. The result was plain--and in many ways worse than the
lost laptops that have made so much news, because the files are available
to the entire world and leave no trace when they're taken. If my sampling
is any indication, it's clearly time to add P2P file sharing to your list
of security threats.
[..]
_______________________________________________
Dataloss Mailing List (dataloss attrition.org)
http://attrition.org/dataloss