Abstract
Corporate websites, Google, forums, newsgroups... all are valuable
sources of all kinds of information. Unfortunately, those who seek
information from these sources are not always our customers, partners,
or (potential) employees, but can also be people with less honest
intentions. To research which sensitive information is freely available
on the Internet, the author will put on a black hat, scour various
online locations, and use simple tools to get this information without
breaking the law and without crossing the line between ethical and
unethical. The research covers the places where an adversary is already
expected to turn for intelligence gathering, such as attempts to perform
zone transfers. But sources that may not seem sensitive at first, such
as corporate websites and even Google searches, will also be put under
the magnifying glass. The conclusion of this research is that a lot of
sensitive information is out there, and was put there by people either
knowingly or unknowingly. It is about time that user education is taken
more seriously, and turning the Internet inside out in search of
sensitive information should become a very important part of audits and
penetration testing.
