Tuesday, June 3, 2008

Open Source Information - What information can be gathered about your business? (2006)

How many times have you gone on the internet and searched for your name, or a partner's name, or even an old friend or ex-girlfriend? While the internet may not appear to have the answers, the information can sometimes still be there.

Of the one billion people (approximately 1,086,250,903, http://www.internetworldstats.com/stats.htm) who use the internet, it would be safe to assume that the vast majority who use it for personal purposes have some data about them stored on, or accessible to individuals on, the internet.

People using Myspace have many details on the web, including their birthdays, height and even their sexual preferences. But what about information about the business?

Consider Johnny Long and his web site, http://johnny.ihackstuff.com/. This site is a prime illustration of the mechanisms that can be employed to gain information through Google about the poor implementation of restrictive

* Directory browsing on the web server
* Identifying unpatched security flaws
* Password lists and information for the administration of servers
* Metadata in PDF documents and Office Documents such as Excel and Word.
* Selling second-hand equipment such as hard drives
* Newspaper ads for jobs
* Names of the administrators of the network
* Delegated owners of accounts
* Whois or Finger information
* Or even the unsecured web cam that watches your server room or a whole bunch of other cameras

This information could be used either to carry out initial penetration testing of the organisation or to develop an information base from which to begin social engineering against the business.

What are your experiences?
