Group items tagged

How can you identify and locate your organization's most sensitive data? Many vendors are offering data loss prevention (DLP) tools and other discovery tools, and many of them offer a lot of promise. But they aren't cheap or trivial to deploy. Does your data discovery process have to wait until you get the time and budget to deploy DLP? Thankfully, no. It's possible to get a jump-start on discovering sensitive data using freely available and open source tools -- provided that you understand what your company needs to identify and protect. The tools range in functionality from simple searching of files on desktops and laptops to spidering and searching Website content.

It may not be possible after all to conceal the existence of a sensitive file on a machine. BT security expert Bruce Schneier and a group of researchers have hacked an ultra-paranoid feature in the TrueCrypt open-source disk encryption tool that lets users hide secret files from detection by attackers or others. This "deniability" feature is a sort of extreme file-protection function that first encrypts the file and then hides it within an encrypted area on the disk drive like an invisibility cloak. But Schneier, chief security technology officer with British Telecom and researchers from the University of Washington found that Microsoft Vista, Word, and Google Desktop each can blow the cover of files using this so-called "deniable file system" (DFS) feature. The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt's encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec '08 summit next week in San Jose, Calif.

Rapid7 has acquired Metasploit to bring the open-source project's database of reliable exploits to bear in Rapid7's vulnerability management and penetration testing offerings.