For the first half of this year there was already some pretty big hacking (Night Dragon, attack on RSA, MySQL, etc). With that in some cases, for example, in an incident with the RSA, during an attack used by social engineering. And what does it take to conduct a successful attack with the use of social engineering? You need to have as much information about the purpose of the attack. One way to obtain information (And quite simple and virtually invisible) is to analyze the metadata contained in documents published by the Internet (in particular on the official site). metadata - that is, information about the data used, such as author name, file size, in which the program is done.
So Now, I recently came across an interesting programm - FOCA. This program analyzes the contents of the selected web site, using queries multiple search engines. During the search are found files with extensions doc, pdf, ppt, xls, pps, etc. Then all the files are downloaded to a computer and analyzed they contain metadata. If successful, the metadata can be found among the user names, email-s, the names of folders, printers, software and operating systems.
example, here is a brief analysis of the results using this program the site of one of the famous banks (for ethical reasons name was not called):
was found more than 600 files (doc, pdf, xls)
The analysis of these files has been received about 108 users (created these documents), 2 internal network printers, 11 e-mail addresses and 45 records of the software used.
information about what software is used to create the downloaded files, incidentally, can be used for the selection of malware code that exploits a vulnerability is in these versions of software, which somewhat increases the chances of success of a hacker attack.
as a possible counter-measures can be offered first to the very similar analysis of your website (download the free version of FOCA can here ), and use tools to clean the metadata from files before they are published on the Internet.
0 comments:
Post a Comment