RealTime IT News

McAfee Combats Human Error

McAfee has released an updated version of its security tool, which uses Google to identify important information accidentally exposed on the Web.

Foundstone SiteDigger 2.0 uses indexed search information on Google to spot human error vulnerabilities that often appear on search engines, said Chris Prosise, vice president of worldwide professional services at McAfee.

Prosise said employees often aren't aware that they can accidentally expose confidential information, including financial records, passwords and personal information on an organization's Web site.

"While companies have become increasingly vigilant about guarding their corporate networks from break-ins, they also need to be able to account for potential human errors with information inadvertently made visible on the Internet," Mark Curphey, director of consulting for Foundstone Professional Services at McAfee, said in a statement.

The free downloadable tool hunts for unwanted information mistakenly left on an enterprise's Web site. Passwords, personal data, financial records and other confidential documents are frequently left exposed on a company's site and can be easily accessed by malicious hackers.

"McAfee is committed to providing the necessary tools to safeguard personal and private information, and the increased functionality of our SiteDigger tool helps companies protect private information that is mistakenly made available through their Web sites."

There are seven exploit categories the tool can focus on: privacy, back-up files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities and technology profiles.

Once the scan is complete, a report is issued enabling the business to minimize these information leaks and address any potential problems.

Prosise said the focus of SiteDigger to perform vulnerability assessment will enable IT managers to be more proactive in protecting their assets.

"Tools and techniques for direct attacks on Web applications are fairly non-existent today," he said.

Kartik Trivedi, service consultant at McAfee, noted several recent occasions where Google has been exploited by hackers to identify vulnerable systems. As reported earlier on internetnews.com, the flaws can give users access to local searches.

SiteDigger uses Google's Web services API to perform the search queries, and it has new automatic updating that allows McAfee to send reports of flaws to users as soon as they are discovered.