
metadata - that is, information about the data used, such as author name, file size, in which the program is done.
So Now, I recently came across an interesting programm - FOCA. This program analyzes the contents of the selected web site, using queries multiple search engines. During the search are found files with extensions doc, pdf, ppt, xls, pps, etc. Then all the files are downloaded to a computer and analyzed they contain metadata. If successful, the metadata can be found among the user names, email-s, the names of folders, printers, software and operating systems.
example, here is a brief analysis of the results using this program the site of one of the famous banks (for ethical reasons name was not called):
was found more than 600 files (doc, pdf, xls)

The analysis of these files has been received about 108 users (created these documents), 2 internal network printers, 11 e-mail addresses and 45 records of the software used.

information about what software is used to create the downloaded files, incidentally, can be used for the selection of malware code that exploits a vulnerability is in these versions of software, which somewhat increases the chances of success of a hacker attack.

as a possible counter-measures can be offered first to the very similar analysis of your website (download the free version of FOCA can here ), and use tools to clean the metadata from files before they are published on the Internet.
0 comments:
Post a Comment