Marcus Carey, security researcher at Rapid7
September 04, 2012
Threat of the month

Threat of the month: Data disclosure via paste sites

IE exploits are the "Threat of the Month"
IE exploits are the "Threat of the Month"

What is it?

Unauthorized information disclosure via “paste” sites has been a common occurrence as a part of recent high-profile information security breaches. Attackers often use paste sites after the initial compromise to announce their conquests and share breached data.

How does it work?

Many paste sites allow anonymous submission of data, allowing attackers to leave sensitive information without repercussions.  

Should I be worried?

When sensitive details are released, innocent bystanders often have their account credentials compromised. 

How can I prevent it?

The best prevention is to limit password reuse in order to prevent attackers from using compromised credentials to login to other websites. Users can also set up “search alerts” to identify when search engines discover information like credit card prefixes. Upon discovery of this malicious behavior, the paste site can be notified to take down the disclosed information.

From the September 2012 Issue of SCMagazine »
Similar Articles
Related Topics

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.