Metadata analysis is not new. This topic was revisited at the recent Defcon. Chema Alonso and Jose Palazon presented a tool called FOCA.
I decided to give it a whirl. Performed metadata extraction against PDF files hosted on Splunk's website. Besides names of Splunk employees, nothing else interesting to discover.
Tested FOCA against the Central Narcotics Bureau's website. Shocker!!! Besides usernames used by CNB, I was able to acquire I/C numbers. I classify this leakage as a high risk considering that the government standardised citizens' login IDs by requiring them to use their respective I/C numbers to access all government websites.
Don't want to install the FOCA software on your machine? You can opt for the online version.
Subscribe to:
Post Comments (Atom)
VMware Workstation Pro is now free for personal use!!!
VMware Workstation Pro is now free for personal use!!! However, it was not straight forward to install on Ubuntu as I encountered error mes...
-
This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
-
I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...
No comments:
Post a Comment