Disclosing too much...

Thursday, May 10. 2007
F-Secure's blog today has an entry entitled "Advanced tools to handle stolen information". That blog entry deals with an information-stealing trojan which sends all collected data to a central drop site. They also have some screenshots, and this is where things get messy: using the information from the screenshot, it is trivial to find information about other victims. Within a couple of minutes I could find personal data of about 100 other victims. This information includes, amongst others, the following entries:
  • system info: user, processor, operating system, memory, IP address, disc information, folders, process list, installed programs, ...
  • ICQ 2003a & Lite passwords
  • dialup passwords
  • passwords from Windows protected storage
  • Wand & email Opera passwords

Perhaps it is better to handle such information more carefully and not publish too much. FX wrote about this topic some time ago in the Sabre Lablog: "Irresponsible Disclosure"