All the latest UK technology news, reviews and analysis
|
|
|
18 Jul 2002
IT managers will have a hard time guarding their networks against unscrupulous employees using hacker tools to steal sensitive data, according to a security expert.
Hacker tool Camera/Shy permits the hiding and viewing of sensitive or incriminating data inside innocuous picture files.
Further reading
But Richard Barber, security consultant at Integralis, said that it was just one of many programs available to hide data not just in pictures, but in other files.
Blocking picture files at the internet gateway is not enough, he warned.
"The reality is [that] some of the steganography tools available can hide an Excel spreadsheet within another Excel spreadsheet," he explained.
"Then you have to identify which file out of the thousands going through an internet gateway is the one you are looking for."
Camera/Shy was released at hacker conference H2K2 last week by Hacktivismo, an offshoot of hacker group Cult of the Dead Cow, with the aim of allowing anonymous web surfing in countries where the internet is censored.
Organisations worried about the use of Camera/Shy will have taken considerable steps already to tighten network perimeters and prevent the existence of such files.
Network management software company NetIQ claimed that updates to its Security Analyser software will detect and eliminate the Camera/Shy software in a network.
Its Security Manager software will detect the launch of the hacking software and close it immediately.
Scott Hollis, security product management director at NetIQ, said: "The release of this new hacker tool shows how important it is for IT administrators and security staff to maintain a high state of readiness against new threats.
"Keeping up to date on all of the latest vulnerabilities and threats is a daunting task for already overworked IT professionals."
Barber maintained that there are very few tools available that can detect the use of steganography.
"You have to do it some other way because any mechanism you have that claims to detect steganography as it stands is claiming a lot more than it can deliver," he said.
Barber added that companies need outside help to deal with this problem as resources are often directed at the wrong priorities.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Start-up company in West London are looking for a number...
This team is responsible for developing and running carrier...
Graduate Mathematical Modelling position focused on research...
Working on real projects and real high performance software...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?