URL: https://www.sciencedirect.com/topics/computer-science/information-leak
INFORMATION LEAK




RELATED TERMS:

 * Internet of Things
 * Side Channel Attack
 * Domain Name System
 * Side Channel
 * Virtual Machine
 * Reverse Lookup Zone



VULNERABILITY TYPES

Russ Rogers, in Nessus Network Auditing (Second Edition), 2008


MEMORY DISCLOSURE

One of the more common information leak vulnerabilities is memory disclosure.
This problem occurs when a system fails to clear a memory block before using it
to construct a message that is sent to an untrusted party. Consider the memory
block as a sheet of paper and the message as pencil lead: if the paper is not
erased before a new message is written on it, any part of the paper not covered
by the new message may still hold the contents of a previous one. The message in
this case can be anything from an HTML page served by a web server to an ICMP
packet on the network.

Memory disclosure flaws have been discovered in everything from the Windows
NetBIOS service to the network card drivers used across a wide range of
operating systems. The actual impact of a memory disclosure vulnerability
depends on what the affected system is doing and what the disclosed memory is
used for. In some cases, this can result in a remote attacker being able to
capture passwords to and from the affected system.

For example, Linksys routers have a well-known vulnerability where they will
respond to legitimate BOOTP requests with portions of the memory from their
network cards in the payload (OSVDB ID TBD, CVE-2004-0580). Given enough
packets, this can lead to an attacker being able to analyze the network traffic
passing through the device.
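The "sheet of paper" problem above, as an added example that is not from the book: a fixed-size reply block is reused without being cleared, so the bytes after the new payload still carry the previous message, beside the hardened builder that zeroes the block and sends only what it wrote. The "previous message" and the `contains_bytes` check are constructed for illustration; a real driver or server would be reusing uninitialized memory rather than a buffer we filled ourselves.

```c
#include <stdio.h>
#include <string.h>

#define MSG_LEN 64

/* Simulated reuse of a memory block: the previous message left data behind.
 * Constructed sample data, not taken from any real system. */
static const char PREVIOUS_MESSAGE[] = "session-token=ABC123-SECRET";

/* Vulnerable: the block is reused as-is, only the new payload is written,
 * and the whole fixed-size block goes on the wire. Everything after the
 * payload is stale memory, exactly the BOOTP/ICMP pattern in the text. */
size_t build_reply_leaky(unsigned char *block, const char *payload) {
    size_t n = strlen(payload);
    if (n > MSG_LEN) n = MSG_LEN;
    memcpy(block, payload, n);
    return MSG_LEN;                 /* sends stale bytes too */
}

/* Hardened: erase the block first, and send only the bytes actually written. */
size_t build_reply_clean(unsigned char *block, const char *payload) {
    size_t n = strlen(payload);
    if (n > MSG_LEN) n = MSG_LEN;
    memset(block, 0, MSG_LEN);      /* erase the "paper" */
    memcpy(block, payload, n);
    return n;                       /* never send more than we wrote */
}

/* Defender's check: does an outgoing message contain bytes that should never
 * have left the system? Usable as a unit test or a canary search in captures. */
int contains_bytes(const unsigned char *msg, size_t len, const char *needle) {
    size_t m = strlen(needle);
    if (m == 0 || len < m) return 0;
    for (size_t i = 0; i + m <= len; i++)
        if (memcmp(msg + i, needle, m) == 0) return 1;
    return 0;
}

/* Scenario: the block first carried PREVIOUS_MESSAGE, then is reused for a
 * short reply. Returns 1 if the reply leaks the old message's secret. */
int reply_leaks(int hardened) {
    unsigned char block[MSG_LEN];
    memset(block, 0, sizeof block);
    memcpy(block, PREVIOUS_MESSAGE, strlen(PREVIOUS_MESSAGE));
    const char *payload = "OK";
    size_t sent = hardened ? build_reply_clean(block, payload)
                           : build_reply_leaky(block, payload);
    return contains_bytes(block, sent, "SECRET");
}

int main(void) {
    printf("leaky builder leaks previous message:    %s\n", reply_leaks(0) ? "yes" : "no");
    printf("hardened builder leaks previous message: %s\n", reply_leaks(1) ? "yes" : "no");
    return 0;
}
```

Both fixes matter: zeroing alone still sends 64 bytes of padding, and sending only `n` bytes alone still leaks if a later code path copies the whole block.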

View chapterPurchase book
Read full chapter
URL: https://www.sciencedirect.com/science/article/pii/B978159749208900006X


RANDOM NUMBER GENERATION

Tom St Denis, Simon Johnson, in Cryptography for Developers, 2007


BACKTRACKING ATTACKS

A backtracking attack occurs when your output data leaks information about the
internal state of the PRNG, to the point where an attacker can step the state
backward and recover previous outputs. For example, if the PRNG was used to
generate an RSA key, recovering its previous output gives the attacker the
factors of that key.

As an example of the attack, suppose the PRNG were merely an LFSR. Its output is
a linear combination of the internal state, so an attacker could solve for the
state and then retrieve any previous or future output of the PRNG.

Even if the PRNG is well designed, learning the current state must not reveal
the previous state. For example, consider our RNG construction in rng.c: if we
removed the XOR near line 122, the state would not really change between
invocations when used as a PRNG. This means that if the attacker learned the
state and we had not placed that XOR there, he could run it forward indefinitely
and backward partially.
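The LFSR case made concrete, as an added example that is not from the book: a 16-bit Fibonacci LFSR whose state update is a bijection, so anyone holding the state can run it backward. Because each output bit is simply one state bit, sixteen consecutive outputs are the state, which is the "solve for it" step in its most trivial form. The polynomial and seed are assumptions chosen for the demonstration; the point to take away is the property to test your own generator for, not this particular register.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 16-bit Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1 (a textbook
 * maximal-length polynomial). The output bit is the low bit of the state
 * before each shift. */
uint16_t lfsr_step(uint16_t s) {
    uint16_t fb = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u;
    return (uint16_t)((s >> 1) | (fb << 15));
}

/* Inverse step. The top bit of the new state is the feedback bit and every
 * other old bit survived the shift, so the single bit that was shifted out is
 * solved for exactly. This invertibility is what makes backtracking possible. */
uint16_t lfsr_unstep(uint16_t s) {
    uint16_t fb = (s >> 15) & 1u;
    uint16_t b0 = fb ^ ((s >> 1) & 1u) ^ ((s >> 2) & 1u) ^ ((s >> 4) & 1u);
    return (uint16_t)(((s << 1) & 0xFFFFu) | b0);
}

/* Emit n output bits from seed; final state is returned via *final_state. */
void lfsr_run(uint16_t seed, uint8_t *out, int n, uint16_t *final_state) {
    uint16_t s = seed;
    for (int i = 0; i < n; i++) { out[i] = s & 1u; s = lfsr_step(s); }
    if (final_state) *final_state = s;
}

/* Output i is bit i of the state at the start of the window, so 16
 * consecutive outputs ARE the state: the "linear system" solves itself. */
uint16_t lfsr_state_from_outputs(const uint8_t *bits16) {
    uint16_t s = 0;
    for (int i = 0; i < 16; i++) s |= (uint16_t)((bits16[i] & 1u) << i);
    return s;
}

/* Scenario: an observer sees only outputs 16..31 of a 48-bit run, recovers
 * the state at that point, and steps backward to reproduce outputs 0..15 it
 * never saw. Returns 1 when the reconstruction matches the real outputs. */
int backtracking_recovers_past(uint16_t seed) {
    uint8_t bits[48];
    lfsr_run(seed, bits, 48, NULL);
    uint16_t s = lfsr_state_from_outputs(bits + 16);   /* state before output 16 */
    uint8_t past[16];
    for (int i = 15; i >= 0; i--) { s = lfsr_unstep(s); past[i] = s & 1u; }
    return memcmp(past, bits, 16) == 0;
}

int main(void) {
    printf("earlier outputs recovered from observed outputs: %s\n",
           backtracking_recovers_past(0xACE1u) ? "yes" : "no");
    return 0;
}
```

A generator with backtracking resistance is one for which no `unstep` can exist: the state transition must be one-way, which is what the XOR in rng.c discussed above provides and what this register lacks.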

URL: https://www.sciencedirect.com/science/article/pii/B9781597491044500066


SYSTEM EXPLOITATION

Aditya K Sood, Richard Enbody, in Targeted Cyber Attacks, 2014


4.4.4 DIGGING INSIDE INFO LEAK VULNERABILITIES

Successful exploitation of vulnerabilities to attack DEP also requires the
presence of information leak vulnerabilities in order to bypass ASLR. However,
information leak vulnerabilities are also desired in other exploitation
scenarios beyond ASLR. The idea is to use the leaked address of base modules or
kernel memory to map the memory contents (addresses) to be used by the exploit.
In other words, info leak vulnerabilities are frequently used with ROP
programming to exploit systems that use mitigations such as GS cookies, SEHOP,
DEP, and ASLR. On the whole, Table 4.6 shows the different types of
vulnerabilities that can be exploited to leak memory addresses [27].

Table 4.6. Info Leaking Vulnerabilities Description

Info Leaking Vulnerabilities | Description

Stack overflow—partial overwrite | Overwriting target partially and returning
an info leaking gadget to perform write operations on the heap

Heap overflows—overwriting string.length field and final NULL [w]char |
 * Reading the entire address space by overwriting the first few bytes of the
   string on the allocated heap
 * Reading string boundaries by overwriting the last character of [w]char on
   the allocated heap

Heap massaging—overflowing the JS string and object placed after heap buffer |

Type confusion | Replacing the freed memory block with attacker controlled
object of same size

Use after free conversion (read and write operations, controlling pointers, on
demand function pointers and vtables) | Forcing pointer to reference the
attacker generated fake objects and further controlling uninitialized
variables.

Use-after free conversion/application-specific vulnerabilities | Utilizing
use-after free scenarios to combine with application layer attacks such as
Universal Cross-site Scripting (UXSS)

URL: https://www.sciencedirect.com/science/article/pii/B9780128006047000048


PROTECTING YOURSELF FROM GOOGLE HACKERS

Johnny Long, ... Justin Brown, in Google Hacking for Penetration Testers (Third
Edition), 2016


GETTING HELP FROM GOOGLE

So far we’ve looked at various ways of checking your site for potential
information leaks, but what can you do if you detect such leaks? First and
foremost, you should remove the offending content from your site. This may be a
fairly involved process, but to do it right, you should always figure out the
source of the leak, to ensure that similar leaks don’t happen in the future.
Information leaks don’t just happen; they are the result of some event that
occurred. Figure out the event, resolve it, and you can begin to stem the source
of the problem. Solving the local problem is only half the battle. In some
cases, Google has a cached copy of your information leak just waiting to be
picked up by a Google hacker.

URL: https://www.sciencedirect.com/science/article/pii/B978012802964000012X


SIDE-CHANNEL ATTACKS

Swarup Bhunia, Mark Tehranipoor, in Hardware Security, 2019


8.2.2 UNCOMMON SIDE-CHANNEL ATTACKS

Besides the common ones described earlier, there are several other side-channel
signals that can leak information about secrets stored in hardware. These
signals include emitted sound, temperature, and vibration. The analysis of these
signals to extract secret information is not widely researched. One example of
these uncommon SCAs is acoustic side-channel analysis [22]. It resembles the
first reported SCA in 1965 in terms of the side-channel signal used in the
attack [6]. The attack focuses on systems that produce sounds while being
operated (such as 3D printers), where program information can be extracted from
the leaked acoustic signals. The captured sound signal is run through a series
of signal processing and machine-learning stages that reconstruct the operation
and produce an output similar to that of the device under attack. Other uncommon
side-channels, such as temperature and vibration, can also leak a significant
amount of critical information about the device under attack. In order to build
secure systems, all forms of side-channels need to be considered as a valid
threat to information leakage, and adequate countermeasures need to be
incorporated.

URL: https://www.sciencedirect.com/science/article/pii/B9780128124772000137


RECON

Jayson E. Street, ... Marcus Carey, in Dissecting the Hack, 2010


EXPLOITING THE COMPANY

Even easier for the attacker than exploiting an employee is to just sit back and
wait for the employee to leak information all over the Internet. This is
becoming a common occurrence as employees take to the Internet to air their
grievances with their employers or business partners. Confusing privacy controls
on popular social networking sites like Facebook complicate the problem, as many
users are unaware that their private messages are actually being aired publicly
for the entire world to see. Although many of the messages may seem innocent to
the author, an attacker targeting their company can use the information to form
a picture of internal business matters. Consider the following messages:

> Employee 1: “New exploit released for Windows Server… oh, this is going to
> suck”
> 
> Company Press Release: “We will have a scheduled downtime this weekend to
> perform maintenance on our servers.”
> 
> Employee 2: “Just got an email that I have to work through the weekend. So
> much for my fishing trip!”

Each of these messages, on its own, is just an innocent posting on the Internet.
Companies take down their servers all of the time for regular maintenance.
However, an attacker who is cyber-stalking employees of the company can put the
pieces together to see that the company's servers are vulnerable to a newly
released exploit and that they are waiting until the weekend to install patches.
This is a process known as inference, and it is a common attack vector in the
information security field simply because of the vast amounts of data being
released on a regular basis.

Posts made online can even come back to haunt an employee long after a security
event has taken place. In early 2010, a civil action lawsuit was filed against a
school district in Pennsylvania over the misuse of laptops distributed to its
students [1]. The laptops contained surveillance software that allowed the
school system to turn on each camera at any time and take pictures from the
user-facing webcam. This activity led to an incident in which a student was
disciplined for allegedly using illegal drugs, later reported to be a box of
Mike and Ike candy. Although the case itself is interesting on its own merits,
of particular note here is the online persona of the school's network technician
and his role in the situation. According to one independent researcher, the
network technician maintains his own blog and has “a large online Web forum
footprint” [2], meaning that he is easily found across many online discussion
forums. The technician has made many public postings and given interviews about
his involvement with the laptop webcams. At the very least, the online
information shows his fascination and passion for using the technology to spy
on students and catch those performing illegal acts. The decision of who was
right and wrong is still undecided in this case as of the time of this printing,
but the amount of material publicly posted by a technician involved with the
case has made the school's legal defense much harder to prove.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495684000018


COMPUTER NETWORK EXPLOITATION

Jason Andress, Steve Winterfeld, in Cyber Warfare (Second Edition), 2014


OPEN SOURCE INTELLIGENCE

OSINT involves the use of methods that are designed not to alert a target to the
fact that they are under observation. Many of the tools that we discussed in the
reconnaissance tools section of Chapter 6 fall squarely into this category.
Investigating Domain Name System (DNS) information, Google hacking, information
gathered from websites, investigation of document metadata, and other similar
methods can all be excellent means of executing OSINT operations, as long as
the operators are careful not to expose their interests in the process. In OSINT
they will likely start with public information, then job-related information,
then Google hacking, then DNS information, then metadata gathering, as shown in
Figure 9.1. When conducting reconnaissance against a target, the attacker will
generally start with OSINT and then move to passive techniques.


Figure 9.1. OSINT process.

Primarily, when taking an OSINT approach to reconnaissance, an attacker will
want to use information sources that do not leak information about their
interests, or at least minimize such leakage. For instance, although they may
use a public web-based whois query tool to conduct research against a target,
the administrators of such an application may find it interesting that the IP
address block of a known government contract organization suddenly had a high
level of interest in the DNS information of systems related to the Chinese
government. In such cases, it is often best to use a network masking technology
such as The Onion Router (Tor) and to spread such queries out over many
different sources.


TIP

Tor, which can be found at www.torproject.org, is a tool that provides network
anonymization by routing the traffic from a client through a variety of
intermediate systems and out through one of many possible endpoints. Although
Tor does indeed provide some measure of protection against a target or
application being able to trace back the source of the network traffic in
question, there are several attacks and configuration issues, including
endpoints set up specifically to sniff traffic, that may make it possible to do
exactly this.

To a certain extent, attackers can also use some network monitoring techniques
for OSINT purposes. Although attackers are very limited in what they can do for
sniffing on a wireless network when bound by the requirement of stealth, there
are packet sniffing tools that are entirely passive in nature and are very
difficult to detect without taking specific measures to do so.


NOTE

The battle between passive network sniffers and the systems that can pick them
out is an ongoing one. As we note, if we put a passive sniffer on the network,
it is difficult to detect, but we can do so with a properly configured Intrusion
Detection System (IDS). We can also adjust our sniffers to avoid such IDSs, and
tune our IDSs to ferret out such avoidance measures, and so on ad infinitum.

There are also network sniffing tools that work through induction rather than
direct interface with the network that are, in theory, truly impossible to
detect without physically finding the inductive tap itself [2]. Even fiber optic
cables, often considered to not be passively tappable, in fact are exactly that.
Low cost devices are available to read the light leakage through the jacket of a
fiber cable without actually needing to cut it to insert a tap [3].

Additionally, we can eavesdrop on wireless network traffic in relative safety,
as long as we are careful not to interact with the network itself. Even
encrypted wireless traffic can reveal information about the devices that are
connecting to it and, based off names and Media Access Control (MAC) addresses
of such devices, we can often infer quite a bit of information about the
environment.

A technique that we cannot discount in cyber warfare scenarios is that of
passive physical observation, which is part of Human Intelligence, or HUMINT.
Such techniques, as they generally require, at least at some point, the physical
presence of an observer, do have the opportunity to alert the target in question
that they are being watched, but when carried out carefully can be invaluable.
Physical observations of traffic patterns at facilities, movement of vendors,
arrival of equipment, and other similar factors can allow us to infer much about
the goings on at our target location. We discussed this and some of the other
intelligence gathering methods in more depth in Chapter 2.

URL: https://www.sciencedirect.com/science/article/pii/B978012416672100009X


VULNERABILITIES TO ADDRESS

Ira Winkler, Araceli Treu Gomes, in Advanced Persistent Security, 2017


INFORMATION RELEASE PROCEDURES

Too frequently, organizations are their own worst enemy. Through policy,
process, happenstance, accident, or carelessness, organizations leak information
that their threats would spend virtually unlimited resources to collect. These
leaks can take many forms.

From an espionage perspective, China sometimes sponsors conferences and similar
events where it invites scientists leading research that is important to its
efforts. It might invite the scientists to present their research and push them
to include the more sensitive aspects of their work. Even if they do not, the
Chinese intelligence services might invite the researchers out for social
events, provide them with a lot of alcohol, and then subtly drill them for the
more sensitive aspects of their work.

How the organization deals with the media is also a vulnerability. To curry
favor with the media, organizations sometimes provide more information than they
should. They might provide information on background. Poor media relations
policies can result in people inside organizations providing information to
media outlets in attempts to be helpful.

Sometimes revenge can lead to major compromises of information. Such was the
case with Valerie Plame. In this case, Plame's husband, Ambassador Joseph
Wilson, was a critic of the Bush administration's policies, and in retaliation,
Richard Armitage, a deputy secretary of state, provided a reporter with
information that Plame was an undercover CIA operative. This resulted in a
massive compromise of CIA covert operations. Intelligence agencies from around
the world, wherever Plame had been stationed or had visited, could then identify
front companies and potentially other undercover operatives and people providing
information to Plame and others.

For example, if Plame worked for an organization, it was likely that the
organization was a CIA front company. Other employees of that organization also
potentially worked for the CIA. People that Plame met might be spying against
their host government. Not only Plame, but everything she was associated with
was compromised, with basic research by the host governments where Plame was
stationed.

Organizations sometimes post too much information on their websites. Sometimes
the information is not considered to be sensitive. Sometimes the communications
department just posts information as a habit, without considering the strategic
value. Other times, sensitive information is not properly filtered. For example,
in one case a PDF file contained information that was redacted by placing black
bars over the text. The people posting the information apparently did not
realize that the redacted information can be viewed by looking at the source
file.

There are countless other examples where sensitive information was leaked. What
is important is that the inadvertent release of information is recognized as a
vulnerability and considered for mitigation.

URL: https://www.sciencedirect.com/science/article/pii/B9780128093160000099


AN OVERVIEW OF STEGANOGRAPHY

Gary C. Kessler, Chet Hosmer, in Advances in Computers, 2011


4.7.1 STEGO AND COMMUNICATION PROTOCOLS

As the plethora of communication protocols evolves, it becomes possible to embed
(hide) information in these data streams in order to leak information or to
communicate covertly over them. As with other forms of steganography, the first
key to identifying such covert channels is to be looking for them.

It is important to remember that individuals would use this method to leak
information or covertly communicate when proven cryptography methods do not
exist. Consider that the primary purpose for crypto is to deliver private and
confidential communication between users that possess the proper credentials and
keying material. The purpose or intent of steganography, however, is to hide the
very existence of the communication channel.

Given this distinction, covert channels attempt to circumvent organization
security policies by exploiting legitimate communication channels [29].
Organizations today have large, complex network and communications
infrastructures. Each provides a point of attack for insiders or infected
systems to communicate covertly. Utilizing compromised images and multimedia
files in conjunction with Internet, e-mail, and other common infrastructure
services to push files that contain hidden content represents the simplest form
of this attack. More complex forms involve the modification of the communication
channel itself in order to exploit unused spaces and attributes of the channels.

Even wireless local area networks (WLANs) are susceptible to such attacks [30].
One such example is the Frame Control (FC) field of the IEEE 802.11 WLAN frame
header. Manipulating rarely used bits in the FC field, such as More Frag, Retry,
PwrMgt, or More Data, can provide single or multiple bit alterations in every
frame and, thus, a low-bandwidth side communication channel.

The method of modifying communication packets to embed hidden information is not
new. Covert TCP by Craig Rowland [31], for example, forms covert communication
channels using the Identification field in IP packets or the Sequence Number
field in TCP segments [4,32]. As new protocols are developed, rarely used fields
or fields that contain limited value offer new applications for steganography.
Whether these protocols are TCP, IP, or User Datagram Protocol (UDP) based, or
whether the application is client/server or peer-to-peer, exploitation
opportunities exist.
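The "look for them" advice applied to the IP Identification channel above, as an added example that is not from the chapter and not Rowland's code: a flow-level check that flags ID fields which look like carried bytes rather than a stack's counter or random value, plus the decode an analyst would run on a flagged flow. The channel layout modelled (one payload byte in the high byte of the ID, low byte zero) and the three sample flows are constructed assumptions for the demonstration, not a description of Covert TCP's exact encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed channel layout (an assumption, not Covert TCP's exact encoding):
 * each packet's 16-bit IP Identification field carries one payload byte in
 * its high byte with the low byte left zero. A normal stack fills this field
 * with a counter or a random value, so "printable byte << 8" is rare. */
static int looks_like_carrier(uint16_t id) {
    uint16_t hi = id >> 8, lo = id & 0xFFu;
    return lo == 0 && hi >= 0x20 && hi <= 0x7E;
}

/* Fraction of packets in a flow whose ID field matches the carrier pattern.
 * A benign counter or random sequence matches roughly 1 packet in 700. */
double carrier_ratio(const uint16_t *ids, size_t n) {
    if (n == 0) return 0.0;
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) hits += looks_like_carrier(ids[i]) != 0;
    return (double)hits / (double)n;
}

/* Flag a flow when most of its IDs fit the pattern. The minimum flow length
 * keeps a single accidental hit in a short flow from raising an alert. */
int flag_covert_ipid(const uint16_t *ids, size_t n) {
    return n >= 8 && carrier_ratio(ids, n) > 0.5;
}

/* For a flagged flow, show the analyst what would have been carried. */
size_t decode_ipid_bytes(const uint16_t *ids, size_t n, char *out, size_t cap) {
    if (cap == 0) return 0;
    size_t k = 0;
    for (size_t i = 0; i < n && k + 1 < cap; i++) out[k++] = (char)(ids[i] >> 8);
    out[k] = '\0';
    return k;
}

/* Constructed sample flows (not real captures): a counter-style stack, a
 * random-ID stack, and the assumed covert channel carrying "leak-key". */
const uint16_t FLOW_INCREMENTING[8] = {0x1A2B, 0x1A2C, 0x1A2D, 0x1A2E,
                                       0x1A2F, 0x1A30, 0x1A31, 0x1A32};
const uint16_t FLOW_RANDOM[8]       = {0x9F31, 0x0C7E, 0xE2A5, 0x5B10,
                                       0x7D49, 0xB3F2, 0x2E86, 0xC15D};
const uint16_t FLOW_COVERT[8]       = {0x6C00, 0x6500, 0x6100, 0x6B00,
                                       0x2D00, 0x6B00, 0x6500, 0x7900};

int main(void) {
    char decoded[16];
    printf("incrementing flow flagged: %d\n", flag_covert_ipid(FLOW_INCREMENTING, 8));
    printf("random flow flagged:       %d\n", flag_covert_ipid(FLOW_RANDOM, 8));
    printf("covert flow flagged:       %d\n", flag_covert_ipid(FLOW_COVERT, 8));
    decode_ipid_bytes(FLOW_COVERT, 8, decoded, sizeof decoded);
    printf("covert flow carries:       \"%s\"\n", decoded);
    return 0;
}
```

A detector like this only catches the layout it models; the same per-flow statistic (distinct values, low-byte distribution, monotonicity) generalizes to other rarely used fields once you know what the local stacks normally put there.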

URL: https://www.sciencedirect.com/science/article/pii/B9780123855107000023


DATA LOSS PROTECTION

Ken Perkins, in Computer and Information Security Handbook (Second Edition),
2013


2 WHAT IS DLP?

Data loss protection is a term that has percolated up from the alphabet soup of
computer security concepts in the past few years. Known in the past as
information leak detection and prevention (ILDP), used by IDC; information
protection and control (IPC); information leak prevention (ILP), coined by
Forrester; content monitoring and filtering (CMF), suggested by Gartner; or
extrusion prevention system (EPS), the opposite of intrusion prevention system
(IPS), the acronym DLP seems to have won out. No matter what acronym of the day
is used, DLP is an automated system to identify anything that leaves the
organization that could harm the organization.

DLP applications try to move away from the point or niche application and give a
more holistic approach to coverage, remediation and reporting of data issues.
One way of evaluating an organization’s level of risk is to look around in an
unbiased fashion. The most benign communication technologies could be used
against the organization and cause harm.

Before embarking on a DLP project, understanding some example types of harm
and/or the corresponding regulations can help with the evaluation. The following
sidebar, “Current Data Privacy Legislation and Standards,” addresses only a
fraction of current data privacy legislation and standards but should give the
reader a good understanding of the complexities involved in protecting data.

URL: https://www.sciencedirect.com/science/article/pii/B9780123943972000672


Copyright © 2022 Elsevier B.V. or its licensors or contributors. ScienceDirect ®
is a registered trademark of Elsevier B.V.