Metadata extraction

Metadata analysis is not new. This topic was revisited at the recent Defcon. Chema Alonso and Jose Palazon presented a tool called FOCA.
I decided to give it a whirl. Performed metadata extraction against PDF files hosted on Splunk's website. Besides names of Splunk employees, nothing else interesting to discover.

Tested FOCA against the Central Narcotics Bureau's website. Shocker!!! Besides usernames used by CNB, I was able to acquire I/C numbers. I classify this leakage as a high risk considering that the government standardised citizens' login IDs by requiring them to use their respective I/C numbers to access all government websites.

Don't want to install the FOCA software on your machine? You can opt for the online version.
at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

dnssecaudit.py

Since I was on a roll with Copilot, I decided to automate DNSSEC auditing with the following Python script. Not the most creative tool name....

  • "An error occured in avast! engine: Invalid argument"
    This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
  • Encrypted mails
    I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...