Comment/ Flaws were found that would allow an attacker to reconfigure or change the behavior of the DLP system so that it no longer monitors data leaks.There will be names named next week on this.
=================================================================================================
By: Kelly Jackson Higgins Posted on July 30 2014
Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week.
It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.
Zach Lanier, senior security researcher at Duo Security, and Kelly Lum, security engineer with Tumblr, next week at Black Hat USA in Las Vegas will demonstrate the cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities they discovered in four commercial DLP products and one open-source tool they investigated. They plan to name names next week during their talk, "Stay Out of the Kitchen: A DLP Security Bake-Off," where they also will provide proof-of-concept attack examples.
DarkReading/ full read here/ http://www.darkreading.com/vulnerabilities---threats/security-holes-found-in-some-dlp-products/d/d-id/1297664?
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.