IT Managers Get Hacker Tool Warning
September 2002
IT managers will have a hard time guarding their networks against unscrupulous employees using hacker tools to steal sensitive data, according to a security expert.Hacker tool Camera/Shy permits the hiding and viewing of sensitive or incriminating data inside innocuous picture files.
But Richard Barber, security consultant at Integralis, said that it was just one of many programs available to hide data not just in pictures, but in other files.
Blocking picture files at the internet gateway is not enough, he warned.
"The reality is [that] some of the steganography tools available can hide an Excel spreadsheet within another Excel spreadsheet," he explained.
"Then you have to identify which file out of the thousands going through an internet gateway is the one you are looking for."
Camera/Shy was released at hacker conference H2K2 last week by Hacktivismo, an offshoot of hacker group Cult of the Dead Cow, with the aim of allowing anonymous web surfing in countries where the internet is censored.
Organisations worried about the use of Camera/Shy will have taken considerable steps already to tighten network perimeters and prevent the existence of such files.
Network management software company NetIQ claimed that updates to its Security Analyser software will detect and eliminate the Camera/Shy software in a network.
Its Security Manager software will detect the launch of the hacking software and close it immediately.
Scott Hollis, security product management director at NetIQ, said: "The release of this new hacker tool shows how important it is for IT administrators and security staff to maintain a high state of readiness against new threats.
"Keeping up to date on all of the latest vulnerabilities and threats is a daunting task for already overworked IT professionals."
Barber maintained that there are very few tools available that can detect the use of steganography.
Source...
